Weird file appeared in hosting. Anyone know what it is?

mat

Hi,

Hoping that some of you can confirm if this is a normal file or anything malicious? I don't want to take any chances. The website is WordPress based.

In public_html a file appeared just over a week ago.

Name: ftpd0pFi5.cgi

Code inside:

```perl
#!/usr/bin/perl
use strict;
use warnings;

print "Content-Type: text/html\n\n";

unlink $0;
my $root = $ENV{DOCUMENT_ROOT_REAL};

chdir $root;
exec 'tar', 'c', '../.';
```


Thanks.
 
Don't know what that is.

tar is a file archive utility... so has a backup plugin been installed recently or failed?
 
I'd say that was malicious; the `exec 'tar', 'c', '../.'` is effectively "drop down a directory, zip everything up and send that as the response to the web request".

The `unlink $0` will remove the file (ftpd0pFi5.cgi) as soon as it has been run.
 
Thanks for the help,

Regarding what you said, TallBloke, and the description of what is being run from Dave, this sounds like it could be my host's full site backup utility. I do actually remember it failing around the time as I was trying to get a backup to my desktop.

I will keep the file deleted.

Thanks,

Mat
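
Since the replies describe the script as sending the archive as the response to a web request and deleting itself once run, one way to settle whether it was ever fetched is to look for it in the web server's access log. This is an added example, not part of the original thread; it assumes the Apache/Nginx "combined" log format, and the function name `script_requests`, the 1 MB threshold and the sample log lines are constructed for illustration.

```python
import re

# Apache/Nginx "combined" access-log format (assumed; adjust for your host).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def script_requests(lines, script_name, big_body=1_000_000):
    """Return one record per logged request for script_name.

    verdict: 'archive-sized response' for a 200 with at least big_body bytes
    (consistent with tar output being streamed to the client),
    'served, small body' for any other 2xx, 'not served' otherwise.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than guess
        path = m["path"].split("?", 1)[0]          # ignore any query string
        if path.rsplit("/", 1)[-1] != script_name:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        if status == 200 and size >= big_body:
            verdict = "archive-sized response"
        elif 200 <= status < 300:
            verdict = "served, small body"
        else:
            verdict = "not served"
        hits.append({"ip": m["ip"], "time": m["time"], "status": status,
                     "bytes": size, "verdict": verdict})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Mar/2020:10:14:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2841 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [02/Mar/2020:10:15:12 +0000] "GET /ftpd0pFi5.cgi HTTP/1.1" 200 48211334 "-" "curl/7.58.0"',
    '198.51.100.23 - - [02/Mar/2020:10:19:40 +0000] "GET /ftpd0pFi5.cgi HTTP/1.1" 404 312 "-" "curl/7.58.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in script_requests(SAMPLE_LOG, "ftpd0pFi5.cgi"):
        print(hit)
```

An empty result over the period the file existed means the log holds no request for it; an "archive-sized response" entry means the account contents should be treated as copied by whoever made that request.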
 
