Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

temporary files...

Discussion in 'General Discussion' started by DrScott, Dec 12, 2003.

  1. DrScott

    DrScott Registered

    Joined:
    Dec 12, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    151
    Hi!

    Recently i noticed some strange files in /tmp:

    Code:
    -rw-r--r--    1 nobody   nobody       4173 10. Dez 19:18 wget.c
    -rw-r--r--    1 nobody   nobody      18944 10. Dez 19:18 sock881
    -rw-r--r--    1 nobody   nobody        111 10. Dez 19:18 dec.cgi
    -rw-r--r--    1 nobody   nobody       9472 10. Dez 19:18 2.sh
    
    To me, these files look like part of a 'hacking session'. For example, the file wget.c (c code) contains a string something like 'can't fork tty, **** YOU SO'. Unfortunately the file was removed in the meantime...
    In addition, there is a file /tmp/my which is executable and also uid/gid 'nobody'. It includes a string '+ Info: Backdoor by mY tEaM - 2003, IrcNet: #my'.

    So, i reportet these facts to the admin of the server. He answered me, that there is nothing to be afraid of: All the files are 'part of cpanel'. He said, that these files are temporarly used, if 'an update process of cpanel failed'. I can't believe that. I wonder if the admin is trying to burke the attack.

    @cpanel team: Are these files belonging to cpanel?
    @all: What's your opinion?

    Best regards
    Henning
     
  2. jphilipson

    jphilipson Well-Known Member

    Joined:
    Jan 8, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    156
    You didn't know that cpanel includes backdoors?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice