Issues, Tips, and Solutions

Click here to tour ServerTune's Data Center and view photos from the conferences we attended.

*** Follow ServerTune on: ServerTune is on Facebook ServerTune is on Twitter

 
 
Browse by category   Search
 


Found suspicious scripts in /tmp directory
Posted: 29 Nov, 2007
by: Customer Service :: S.
Updated: 09 Dec, 2007
by: Customer Service :: S.

I found a backdoor binary file in the /tmp directory. The name of that file is "fds". How can I find out who put it there?

Since this file is in the /tmp directory, it was most likely put there by a vulnerable PHP script. Search the access log files in the /usr/local/apache/domlogs directory for the file name "fds" and see if you can find the site that was used to upload the file to your server. Use the following command at the prompt:
    grep -i fds /usr/local/apache/domlogs/*
or, if your Apache domain logs are stored somewhere else:
    grep -i fds PATH_TO_APACHE_domlogs/*
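
The search above can be turned into a per-site summary that shows which domain log, client IP, request and status code reference the file name. This is an added example, not part of the original article: the function names `summarise_hits` and `make_sample_logs` are hypothetical, the log lines are constructed, and it assumes the logs use the Apache common or combined log format.

```shell
#!/bin/sh
# Added example (not from the article): per-domain summary of requests that
# mention a suspicious file name, e.g. "fds" from the question above.

# summarise_hits NAME LOGDIR
# Output columns (tab-separated): hits, log file (domain), client IP, method, URL, status
summarise_hits() {
    name=$1
    logdir=${2%/}
    for f in "$logdir"/*; do
        [ -f "$f" ] || continue                 # skip subdirectories
        # -i as in the article; -F treats NAME as a literal string, not a regex
        grep -iF -- "$name" "$f" |
            awk -v src="${f##*/}" -v OFS='\t' \
                '{ print src, $1, substr($6, 2), $7, $9 }'
    done | sort | uniq -c | sort -k1,1nr |
        awk -v OFS='\t' '{ n = $1; sub(/^[ \t]*[0-9]+[ \t]+/, ""); print n, $0 }'
}

# Constructed sample logs (Apache common log format, documentation IP ranges).
make_sample_logs() {
    cat > "$1/example.com" <<'EOF'
192.0.2.10 - - [28/Nov/2007:03:12:01 -0500] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [28/Nov/2007:03:14:22 -0500] "POST /gallery/upload.php?dest=/tmp/fds HTTP/1.1" 200 312
198.51.100.7 - - [28/Nov/2007:03:14:25 -0500] "POST /gallery/upload.php?dest=/tmp/fds HTTP/1.1" 200 312
EOF
    cat > "$1/example.net" <<'EOF'
203.0.113.5 - - [28/Nov/2007:04:00:00 -0500] "GET / HTTP/1.1" 200 1000
192.0.2.44 - - [28/Nov/2007:04:01:09 -0500] "GET /FDS-report.html HTTP/1.1" 404 210
EOF
}

# Demo run against the constructed logs; point LOGDIR at your domlogs directory instead.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
summarise_hits fds "$demo_dir"
rm -rf "$demo_dir"
```

Rows with a 200 status on a script that accepts uploads are the ones to examine first; a 404 row such as the second one in the sample is usually an incidental match on the name.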