The Community Forums


temporary files...

Discussion in 'General Discussion' started by DrScott, Dec 12, 2003.

  1. DrScott

    DrScott Registered

    Hi!

    Recently I noticed some strange files in /tmp:

    Code:
    -rw-r--r--    1 nobody   nobody       4173 10. Dez 19:18 wget.c
    -rw-r--r--    1 nobody   nobody      18944 10. Dez 19:18 sock881
    -rw-r--r--    1 nobody   nobody        111 10. Dez 19:18 dec.cgi
    -rw-r--r--    1 nobody   nobody       9472 10. Dez 19:18 2.sh
    
    To me, these files look like part of a 'hacking session'. For example, the file wget.c (c code) contains a string something like 'can't fork tty, **** YOU SO'. Unfortunately the file was removed in the meantime...
    In addition, there is a file /tmp/my which is executable and also uid/gid 'nobody'. It includes a string '+ Info: Backdoor by mY tEaM - 2003, IrcNet: #my'.

    So, I reported these facts to the admin of the server. He answered that there is nothing to be afraid of: all the files are 'part of cpanel'. He said that these files are used temporarily if 'an update process of cpanel failed'. I can't believe that. I wonder if the admin is trying to burke the attack.

    @cpanel team: Do these files belong to cPanel?
    @all: What's your opinion?

    Best regards
    Henning
     
  2. jphilipson

    jphilipson Well-Known Member

    You didn't know that cpanel includes backdoors?
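
A read-only inventory of the kind of files described in the first post (regular files in /tmp owned by the web server account), as an added example that is not part of the original thread or of cPanel's code. The function names, the extension list and the keyword list are assumptions taken from the listing in that post; size, mtime and SHA-256 are recorded so there is still a record if a file is later removed.

```python
import hashlib
import os
import pwd
import re
import stat

# Assumption: extensions worth flagging, taken from the listing in the post.
SUSPECT_EXT = {".c", ".sh", ".cgi", ".pl"}
# Assumption: keywords taken from the strings quoted in the post.
KEYWORDS = re.compile(rb"backdoor|can't fork", re.IGNORECASE)

def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, similar to strings(1)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def triage(directory, owner):
    """Inventory regular files in `directory` owned by `owner` (name or uid)."""
    uid = owner if isinstance(owner, int) else pwd.getpwnam(owner).pw_uid
    findings = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        # Skip symlinks, directories, sockets and files owned by other users.
        if not stat.S_ISREG(st.st_mode) or st.st_uid != uid:
            continue
        with open(entry.path, "rb") as fh:
            data = fh.read()
        reasons = []
        if st.st_mode & 0o111:
            reasons.append("executable")
        if os.path.splitext(entry.name)[1].lower() in SUSPECT_EXT:
            reasons.append("source-or-script")
        hits = [s.decode() for s in printable_strings(data) if KEYWORDS.search(s)]
        if hits:
            reasons.append("keyword")
        findings.append({
            "name": entry.name, "mode": stat.filemode(st.st_mode),
            "size": st.st_size, "mtime": int(st.st_mtime),
            "sha256": hashlib.sha256(data).hexdigest(),
            "reasons": reasons, "strings": hits,
        })
    return findings

if __name__ == "__main__":
    for f in triage("/tmp", "nobody"):
        print(f["mode"], f["size"], f["mtime"], f["sha256"], f["name"],
              ",".join(f["reasons"]))
```

Run it as root so every file is readable, and save the output off the server before anything in /tmp is cleaned up.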
     