mbekezm

Member
Dec 22, 2011
15
0
51
Port 80
cPanel Access Level
Root Administrator
Hello

I have an issue with a cronjob that seems to be the one thats keeps on hacking websites to send spam .

If i do the crontab -e it shows as below but i can't seem to be able to scroll down enough to delete it

any ideas hopw i can tackle this ?

i.imgur.com/UqsgSPx.png
 
Last edited by a moderator:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,762
535
263
Houston
cPanel Access Level
DataCenter Provider
That's not a cronjob, that's the file descriptor for crontab that's being held in tmp when you view/edit it that is present any time you view the crontab. For example:

Code:
0 6 * * * /usr/local/cpanel/scripts/exim_tidydb > /dev/null 2>&1
30 5 * * * /usr/local/cpanel/scripts/optimize_eximstats > /dev/null 2>&1
@reboot /usr/local/cpanel/bin/onboot_handler
8 0 * * * /usr/local/cpanel/whostmgr/docroot/cgi/cpaddons_report.pl --notify
17 5 * * * (/usr/local/cpanel/scripts/fix-cpanel-perl; /usr/local/cpanel/scripts/upcp --cron > /dev/null)
0 1 * * * /usr/local/cpanel/scripts/cpbackup
0 2 * * * /usr/local/cpanel/bin/backup
35 * * * * /usr/bin/test -x /usr/local/cpanel/bin/tail-check && /usr/local/cpanel/bin/tail-check
0 */2 * * * /usr/local/cpanel/scripts/shrink_modsec_ip_database -x 2>&1
5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1
45 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_mailman_cache && /usr/local/cpanel/scripts/update_mailman_cache
30 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_db_cache && /usr/local/cpanel/scripts/update_db_cache
25 */2 * * * /usr/local/cpanel/bin/mysqluserstore >/dev/null 2>&1
15 */2 * * * /usr/local/cpanel/bin/dbindex >/dev/null 2>&1
15 */6 * * * /usr/local/cpanel/scripts/autorepair recoverymgmt >/dev/null 2>&1
*/5 * * * * /usr/local/cpanel/scripts/dcpumon-wrapper >/dev/null 2>&1
14,29,44,59 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
4 0 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings
09,39 * * * * /usr/local/cpanel/scripts/clean_user_php_sessions > /dev/null 2>&1
~
~
"/tmp/crontab.Ucz2s6" 19L, 1439C
 

mbekezm

Member
Dec 22, 2011
15
0
51
Port 80
cPanel Access Level
Root Administrator
Thank you.

Is they a way i can find out the cPanel user who created the folder/file ?

Edit : I found the file but every time i delete it from tmp it comes back again using another name and the contents of the fiole are unreadable. This file changes name every now and then and i'm getting worried .

I just went through every account on the server cleaning up those that seemed to have funny looking cron jobs but this won't go away.
 
Last edited:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,762
535
263
Houston
cPanel Access Level
DataCenter Provider
They won't go away, they're held in /tmp when being edited or updated by the system. Cron jobs do not appear to be the source of your issue from the information you've provided.