Tags Archives: exploit

Find symlinks on Cpanel

Find all possible root symlinks (leftover from attempted exploits) and save them as a list ‘symlinks.txt’. ls /var/cpanel/users | grep -v “\`\|\.\|cpanel\|root\|mysql\|nobody” | \ while read CPUSER; do find /home/$CPUSER -type l -not \( -lname “/home/$CPUSER/*” \ -o -lname “*rvsitebuilder*” -o -lname “[^/]*” -o -lname “/usr/local/apache/domlogs/*” \ -o -lname “/usr/local/urchin/*” \) ; done \ > […]

The mysterious /tmp/.tmp folder

If LFD reports a /tmp/.tmp folder on your server you have been hit with the latest timthumb.php hack, which is circulating among wordpress sites which dodged the first mass infection last August for unknown reasons. The /tmp/.tmp folder contains a list of firefox visitor IP’s who have visited your site and were exposed to malicious […]