The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SHELL.PHP files founder under many accounts !!!

Discussion in 'Security' started by furquan, Oct 2, 2013.

  1. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Hello Every one,

    Today, while i was auditing my server, I happen to run a search on my server to locate any "shell.php" files and to my surprise i found many !!!

    PHP:
    /home/irtechi/public_html/website/plugins/editors/jce/tiny_mce/plugins/spellchecker/classes/pspellshell.php
    /home/itzone/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/jonathan/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/kcarp/public_html/mobile/wp-includes/Text/Diff/Engine/shell.php
    /home/kcarp/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/linxbpro/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/managers/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/mbn/public_html/blog/wp-includes/Text/Diff/Engine/shell.php
    /home/mmicom/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/momsfiel/public_html/wp-includes/Text/Diff/Engine/shell.php
    Can anybody on board, Let me know if these files are ok under wordpress and joomla ?

    Or should i go ahead and disable these accounts ?

    Please advice !!

    Thank you
     
  2. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    A filename tells us nothing about its content if placed by someone who wants to abuse your server infrastructure.

    The shell.php inside the wordpress installations seems to be a simple wrapper for executing diff

    But without knowing the actual content of these files it is just a guess with odds in mind.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's possible they are just the standard files included with the software, but I recommend reviewing the contents of the files to determine if they are malicious.

    Thank you.
     
  4. kdean

    kdean Well-Known Member

    Joined:
    Oct 19, 2012
    Messages:
    262
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Orlando, FL
    cPanel Access Level:
    Root Administrator
    I can verify that the shell.php is part of the wordpress install.
     
Loading...

Share This Page