ServerTune


Found suspicious scripts in /tmp directory

I found a backdoor binary file in the /tmp directory. The name of that file is "fds". How can I find out who put it there?

Since this file is in the /tmp directory, it was most likely put there through a vulnerable PHP script. Search the access log file(s) in the /usr/local/apache/domlogs directory for the file name "fds" and see whether you can find the site that was used to upload the file to your server. Use the following command at the prompt:

grep -i fds /usr/local/apache/domlogs/*

OR

grep -i fds PATH_TO_APACHE_domlogs/*
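
The same search as a small script, added here as an example and not part of the original article: it counts hits per log file and prints the client IP, timestamp, method and URL of each matching request. It assumes every file in the log directory is one site's access log in Apache combined format; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Assumes each file in the
# log directory is one site's access log in Apache combined format.

# rank_sites NAME LOGDIR: print "hits logfile" for every log mentioning NAME,
# busiest first, so the site that handled the upload stands out.
rank_sites() {
    for log in "$2"/*; do
        [ -f "$log" ] || continue
        n=$(grep -icF -- "$1" "$log" || true)   # grep exits 1 on zero hits
        if [ "$n" -gt 0 ]; then printf '%s %s\n' "$n" "${log##*/}"; fi
    done | sort -rn
}

# matching_requests NAME LOGDIR: print "logfile client-ip timestamp method url"
# for each request that mentions NAME.
matching_requests() {
    for log in "$2"/*; do
        [ -f "$log" ] || continue
        grep -iF -- "$1" "$log" |
            awk -v site="${log##*/}" '{
                gsub(/"/, ""); gsub(/\[/, "")   # strip quoting, then re-split
                print site, $1, $4, $6, $7
            }'
    done
}

# make_sample_logs DIR: write constructed log lines (documentation IPs, made-up URLs).
make_sample_logs() {
    cat > "$1/example.com" <<'EOF'
198.51.100.4 - - [29/Nov/2007:10:14:55 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2007:10:15:02 -0500] "POST /gallery/upload.php?name=fds HTTP/1.1" 200 312 "-" "curl/7.16"
203.0.113.7 - - [29/Nov/2007:10:15:09 -0500] "GET /gallery/tmp/FDS HTTP/1.1" 404 208 "-" "curl/7.16"
EOF
    cat > "$1/example.org" <<'EOF'
198.51.100.9 - - [29/Nov/2007:11:02:40 -0500] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed logs; on a real server pass the domlogs directory instead.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
rank_sites fds "$demo_dir"
matching_requests fds "$demo_dir"
rm -rf "$demo_dir"
```

A short name such as "fds" can also match unrelated URLs, so read the matching requests before concluding which site was involved.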
Posted: 29 Nov, 2007 by: Customer Service S.
Updated: 06 Mar, 2011 by: Customer Service S.
