SHELL.PHP files founder under many accounts !!!

furquan

Well-Known Member
Jul 27, 2002
473
4
168
Hello Every one,

Today, while i was auditing my server, I happen to run a search on my server to locate any "shell.php" files and to my surprise i found many !!!

PHP:
/home/irtechi/public_html/website/plugins/editors/jce/tiny_mce/plugins/spellchecker/classes/pspellshell.php
/home/itzone/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/jonathan/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/kcarp/public_html/mobile/wp-includes/Text/Diff/Engine/shell.php
/home/kcarp/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/linxbpro/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/managers/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/mbn/public_html/blog/wp-includes/Text/Diff/Engine/shell.php
/home/mmicom/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/momsfiel/public_html/wp-includes/Text/Diff/Engine/shell.php
Can anybody on board, Let me know if these files are ok under wordpress and joomla ?

Or should i go ahead and disable these accounts ?

Please advice !!

Thank you
 

lorio

Well-Known Member
Feb 25, 2004
305
16
168
cPanel Access Level
Root Administrator
A filename tells us nothing about its content if placed by someone who wants to abuse your server infrastructure.

The shell.php inside the wordpress installations seems to be a simple wrapper for executing diff

home/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
*
* This class uses the Unix `diff` program via shell_exec to compute the
* differences between the two input arrays.
*
* $Horde: framework/Text_Diff/Diff/Engine/shell.php,v 1.8 2008/01/04 10:07:50 jan Exp $
*
* Copyright 2007-2008 The Horde Project (The Horde Project)
But without knowing the actual content of these files it is just a guess with odds in mind.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

It's possible they are just the standard files included with the software, but I recommend reviewing the contents of the files to determine if they are malicious.

Thank you.