The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Strange files in /tmp

Discussion in 'General Discussion' started by markie, Nov 17, 2003.

  1. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    0
    We are running phpsuexec. In /tmp we see two files owned by cpanel.cpanel.

    -rw------- 1 cpanel cpanel 12146029 Nov 15 00:10 phpKuxb1K
    -rw------- 1 cpanel cpanel 4931584 Nov 15 01:00 phpSXp5TV

    Both files contain the following;

    insert into yahoo_cat (id, name) values (NULL, 'http://dir.yahoo.com/Business_and_Economy/Shopping_and_Services/
    Real_Estate/Agencies/Directories/
    ');

    You can see how big the first file is and thats all thats in it.

    WTF is this?

    We also have a file called; mt-throttle.db owned by one of our users. Why is it in here?

    Why is /tmp so insecure?
     
    #1 markie, Nov 17, 2003
    Last edited: Nov 17, 2003
  2. LS_Drew

    LS_Drew Well-Known Member

    Joined:
    Feb 20, 2003
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    16
    It's insecure because you didn't secure it. :)

    Mount it noexec, nosuid, nodev to be safer against people getting things in there and executing them.
     
  3. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    0
    Its not a compromise but rather than just some files in /tmp.
    and why would you bother with noexec? It won't stop anything. If it's a perl script you run perl script (calling the script as a parameter) and since perl or sh is on a different partition it will happily run.., same for shell scripts. What's the point of noxec? Crackers ain't stupid, but if you think noexec provides any real 'security' then thats fine!
     
    #3 markie, Nov 18, 2003
    Last edited: Nov 18, 2003
  4. RaveKnights

    RaveKnights Well-Known Member

    Joined:
    Nov 5, 2003
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Some Where Out There!
    I will make a guess that this is a temp file created from a user using the search engine submit inside cpanel.

    "It's just a guess"

    oh! and the mt-throttle.db looks like a MySQL temp file.
     
    #4 RaveKnights, Nov 18, 2003
    Last edited: Nov 18, 2003
Loading...

Share This Page