Found suspicious scripts in /tmp directory

Sometimes its very frustating to find how the suspicious files are stored in /tmp directory.  How can I find out who put it there? Since this file is in /tmp directory, it was most likely put there by a vulnerable Php script.

Look into the access log file(s) in /usr/local/apache/domlogs directory for the file “psync.txt” and see if you can find the site that was used to upload the file to your server .

Use the following command at the prompt:

      grep -i
psync.txt
    /usr/local/apache/domlogs/*

OR

      grep -i
psync.txt
    PATH_TO_APACHE_domlogs/*
  • 25 Users Found This Useful
這篇文章有幫助嗎?

相關文章

The password you provided is not correct. Trace Output: (root@***.***.***.***’s password: ==sshcontroloutput== sshcmdpermissiondeny

The above error troubles you sometimes while doing multiple transfer via Cpanel to Cpanel server,...

Fantastico is not installed at the default location

Today while installing fantastico on one of our server, We came across the following error....

Compress CPanel Domlogs log files

Before setting up compression of your logs you will want to have cpanel run the stats as often as...

Phpmyadmin failed (Cpanel) Warning: session_start() [function.session-start]: SQLite

Phpmyadmin fails to load and gives the below error. ==== Error ==== Warning: session_start()...

Spamd keeps failing

SSH to the server and run the following commands (in order): ps auxfww | grep spamd kill -9 PID...