SHELL.PHP files founder under many accounts !!!

[furquan]

Hello Every one,

Today, while i was auditing my server, I happen to run a search on my server to locate any "shell.php" files and to my surprise i found many !!!

/home/irtechi/public_html/website/plugins/editors/jce/tiny_mce/plugins/spellchecker/classes/pspellshell.php
/home/itzone/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/jonathan/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/kcarp/public_html/mobile/wp-includes/Text/Diff/Engine/shell.php
/home/kcarp/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/linxbpro/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/managers/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/mbn/public_html/blog/wp-includes/Text/Diff/Engine/shell.php
/home/mmicom/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/momsfiel/public_html/wp-includes/Text/Diff/Engine/shell.php

Can anybody on board, Let me know if these files are ok under wordpress and joomla ?

Or should i go ahead and disable these accounts ?

Please advice !!

Thank you

 

[lorio]

A filename tells us nothing about its content if placed by someone who wants to abuse your server infrastructure.

The shell.php inside the wordpress installations seems to be a simple wrapper for executing diff

home/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
*
* This class uses the Unix `diff` program via shell_exec to compute the
* differences between the two input arrays.
*
* $Horde: framework/Text_Diff/Diff/Engine/shell.php,v 1.8 2008/01/04 10:07:50 jan Exp $
*
* Copyright 2007-2008 The Horde Project (The Horde Project)

But without knowing the actual content of these files it is just a guess with odds in mind.

 

[cPanelMichael]

Hello

It's possible they are just the standard files included with the software, but I recommend reviewing the contents of the files to determine if they are malicious.

Thank you.

 

[kdean]

I can verify that the shell.php is part of the wordpress install.