Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Strange files in /tmp

Discussion in 'General Discussion' started by markie, Nov 17, 2003.

  1. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    166
    We are running phpsuexec. In /tmp we see two files owned by cpanel.cpanel.

    -rw------- 1 cpanel cpanel 12146029 Nov 15 00:10 phpKuxb1K
    -rw------- 1 cpanel cpanel 4931584 Nov 15 01:00 phpSXp5TV

    Both files contain the following;

    insert into yahoo_cat (id, name) values (NULL, 'http://dir.yahoo.com/Business_and_Economy/Shopping_and_Services/
    Real_Estate/Agencies/Directories/
    ');

    You can see how big the first file is and thats all thats in it.

    WTF is this?

    We also have a file called; mt-throttle.db owned by one of our users. Why is it in here?

    Why is /tmp so insecure?
     
    #1 markie, Nov 17, 2003
    Last edited: Nov 17, 2003
  2. LS_Drew

    LS_Drew Well-Known Member

    Joined:
    Feb 20, 2003
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    166
    It's insecure because you didn't secure it. :)

    Mount it noexec, nosuid, nodev to be safer against people getting things in there and executing them.
     
  3. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    166
    Its not a compromise but rather than just some files in /tmp.
    and why would you bother with noexec? It won't stop anything. If it's a perl script you run perl script (calling the script as a parameter) and since perl or sh is on a different partition it will happily run.., same for shell scripts. What's the point of noxec? Crackers ain't stupid, but if you think noexec provides any real 'security' then thats fine!
     
    #3 markie, Nov 18, 2003
    Last edited: Nov 18, 2003
  4. RaveKnights

    RaveKnights Well-Known Member

    Joined:
    Nov 5, 2003
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Some Where Out There!
    I will make a guess that this is a temp file created from a user using the search engine submit inside cpanel.

    "It's just a guess"

    oh! and the mt-throttle.db looks like a MySQL temp file.
     
    #4 RaveKnights, Nov 18, 2003
    Last edited: Nov 18, 2003
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice