Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SHELL.PHP files founder under many accounts !!!

Discussion in 'Security' started by furquan, Oct 2, 2013.

  1. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    471
    Likes Received:
    4
    Trophy Points:
    168
    Hello Every one,

    Today, while i was auditing my server, I happen to run a search on my server to locate any "shell.php" files and to my surprise i found many !!!

    PHP:
    /home/irtechi/public_html/website/plugins/editors/jce/tiny_mce/plugins/spellchecker/classes/pspellshell.php
    /home/itzone/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/jonathan/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/kcarp/public_html/mobile/wp-includes/Text/Diff/Engine/shell.php
    /home/kcarp/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/linxbpro/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/managers/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/mbn/public_html/blog/wp-includes/Text/Diff/Engine/shell.php
    /home/mmicom/public_html/wp-includes/Text/Diff/Engine/shell.php
    /home/momsfiel/public_html/wp-includes/Text/Diff/Engine/shell.php
    Can anybody on board, Let me know if these files are ok under wordpress and joomla ?

    Or should i go ahead and disable these accounts ?

    Please advice !!

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    282
    Likes Received:
    9
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    A filename tells us nothing about its content if placed by someone who wants to abuse your server infrastructure.

    The shell.php inside the wordpress installations seems to be a simple wrapper for executing diff

    But without knowing the actual content of these files it is just a guess with odds in mind.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    It's possible they are just the standard files included with the software, but I recommend reviewing the contents of the files to determine if they are malicious.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. kdean

    kdean Well-Known Member

    Joined:
    Oct 19, 2012
    Messages:
    285
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    Orlando, FL
    cPanel Access Level:
    Root Administrator
    I can verify that the shell.php is part of the wordpress install.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice