Found suspicious scripts in /tmp directory
Posted: 29 Nov, 2007
by: Customer Service :: S.
Updated: 09 Dec, 2007
by: Customer Service :: S.

I found a backdoor binary file in the /tmp directory. The name of that file is "fds". How can I find out who put it there?

Since this file is in the /tmp directory, it was most likely put there by a vulnerable PHP script. Search the access log file(s) in the /usr/local/apache/domlogs directory for the file name "fds" and see whether you can find the site that was used to upload the file to your server. Use the following command at the prompt:
    grep -i fds /usr/local/apache/domlogs/*
OR
    grep -i fds PATH_TO_APACHE_domlogs/*
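The same search turned into a per-site summary, as an added example that is not part of the original article. It assumes Apache "combined" format logs and one log file per site, named after the site; the function names, domains, IP addresses and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Apache "combined" format logs and one log file per
# site, named after the site, in the domlogs directory.

# find_hits NAME LOGDIR -> "site client_ip time method status request_path"
find_hits() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue            # skip subdirectories, empty globs
        awk -v name="$1" '
            # Case-insensitive fixed-string match, like grep -i but with no
            # regex surprises if the file name contains dots or brackets.
            index(tolower($0), tolower(name)) {
                site = FILENAME; sub(/.*\//, "", site)
                print site, $1, substr($4, 2), substr($6, 2), $9, $7
            }' "$f"
    done
}

# suspect_sites NAME LOGDIR -> "hits site", busiest site first
suspect_sites() {
    find_hits "$1" "$2" | awk '{ n[$1]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample logs (documentation IPs and example domains), written to
# a temporary directory so the script runs without a real server.
make_sample_logs() {
    d=$(mktemp -d)
    cat > "$d/shop.example.com" <<'EOF'
198.51.100.4 - - [28/Nov/2007:03:10:01 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
    cat > "$d/blog.example.net" <<'EOF'
203.0.113.7 - - [28/Nov/2007:03:14:07 -0500] "POST /gallery/upload.php?name=fds HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Nov/2007:03:14:09 -0500] "GET /gallery/files/FDS HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Nov/2007:03:20:00 -0500] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
    echo "$d"
}

SAMPLE_DIR=$(make_sample_logs)
find_hits fds "$SAMPLE_DIR"        # one line per matching request
suspect_sites fds "$SAMPLE_DIR"    # which site's log mentions the file
```

On a real server, pass the domlogs path in place of `$SAMPLE_DIR`; the site column then names the virtual host whose scripts should be reviewed first.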