Unknown files in home directory
I was looking through my html directory and found a file I don't recognize. It appears to be a mail form. None of my forms ask for a phone number. I also notice error logs located in many of my html directories and wonder what they are doing out in the open. Any suggestions?
0
CgiVar---
name: redirect
state: hidden
active: 0
label:
text:
redirect urlCgiVar---
name: sort
state: hidden
active: 0
label:
text:
CgiVar---
name: return_link_title
state: hidden
active: 1
label:
text:
homepageCgiVar---
name: name
state:
active: 1
label:
text:
CgiVar---
name: title
state: hidden
active: 1
label:
text:
Your Message Has Been SentCgiVar---
name: required
state: hidden
active: 1
label:
text:
email,name,messageCgiVar---
name: print_blank_fields
state: hidden
active: 1
label:
text:
0CgiVar---
name: phone
state:
active: 0
label: Your Phone number?
text:
YourPhoneCgiVar---
name: env_report
state: hidden
active: 1
label:
text:
REMOTE_ADDR,HTTP_USER_AGENTCgiVar---
name: missing_fields_redirect
state: hidden
active: 1
label:
text:
Back to Main PageCgiVar---
name: return_link_url
state: hidden
active: 1
label:
text:
http://www.mycockerspaniel.com/index.htmCgiVar---
name: message
state:
active: 1
label:
text:
CgiVar---
name: subject
state:
active: 1
label:
text:
CgiVar---
name: recipient
state: hidden
active: 0
label:
text:
Send To:CgiVar---
name: email
state:
active: 1
label:
text:
CgiVar---
name: print_config
state: hidden
active: 0
label:
text:
email,subjectCgiVar---
name: realname
state:
active: 0
label:
text:
-
Is the dog web site yours? What's the file name? 0 -
As @keat63 was getting at, if you aren't familiar with the website listed on the form, it's possible that cPanel account could be compromised. If so, you should remove the file(s) from the account, change the cPanel password for that user, and ensure that any users with access to the account scan their local systems for viruses and malware. 0 -
Yes. My site. File name was FM_MCSformMail.dat
It sounds like a name I would have come up with. I think this is an old formMail file. My site is old and moved many times. I have changed my password. Any ideas about the error log files? I had deleted them but they reappear. Haven't tried it recently though since moving servers. 0 -
I'm not completely sure what you mean by the error log files - can you get me more details on what you're seeing with that? 0 -
That's the file name.
File: "error_log"
Size: 2098 Blocks: 8 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 92292416 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1001/mycocker) Gid: ( 1003/mycocker)
Context: unconfined_u:object_r:home_root_t:s0
Access: 2020-12-22 23:26:08.473803721 +0000
Modify: 2020-09-09 10:37:03.964076825 +0000
Change: 2020-09-09 10:37:03.964076825 +0000
Birth: -
The contents are like I would see for my server's error log. I don't understand why they are in the html directory.
[09-Aug-2020 04:11:52 UTC] PHP Warning: trim() expects parameter 1 to be string, array given in /home/mycocker/public_html/blog/wp-includes/class-wp-query.php on line 777
[27-Aug-2020 23:40:52 UTC] PHP Warning: require(/blog/wp-load.php): failed to open stream: No such file or directory in /home/mycocker/public_html/index_version1.php on line 30
[27-Aug-2020 23:40:52 UTC] PHP Fatal error: require(): Failed opening required '/blog/wp-load.php' (include_path='.:/opt/cpanel/ea-php74/root/usr/share/pear') in /home/mycocker/public_html/index_version1.php on line 30
0 -
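An added example, not part of any poster's reply or of cPanel's tooling: a shell audit that lists every error_log under a document root, flags the ones with the world-readable bit set (the 0644 mode in the stat output above), and counts entries per script and line so the code that keeps recreating the log is visible. The function names, the sample tree and the /home/example paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a docroot for PHP error_log files.
# Assumptions: logs are named "error_log" and use the line format quoted in the thread.

# One line per log: <path> world_readable=<yes|no> warnings=<n> fatals=<n>
audit_error_logs() {
    find "$1" -type f -name error_log | sort | while IFS= read -r f; do
        # -perm -004 matches when the "other" read bit is set (e.g. mode 0644)
        if [ -n "$(find "$f" -perm -004)" ]; then readable=yes; else readable=no; fi
        warnings=$(grep -c 'PHP Warning:' "$f" || true)
        fatals=$(grep -c 'PHP Fatal error:' "$f" || true)
        printf '%s world_readable=%s warnings=%s fatals=%s\n' \
            "$f" "$readable" "$warnings" "$fatals"
    done
}

# Count entries per "script:line", most frequent first
error_sources() {
    sed -n 's|.* in \(/.*\) on line \([0-9][0-9]*\)$|\1:\2|p' "$1" |
        sort | uniq -c | sort -rn
}

# Build a small constructed tree (sample data, hypothetical paths) and print its root
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/blog"
    cat > "$root/error_log" <<'EOF'
[01-Jan-2024 00:00:01 UTC] PHP Warning:  require(/blog/wp-load.php): failed to open stream: No such file or directory in /home/example/public_html/index_old.php on line 30
[01-Jan-2024 00:00:01 UTC] PHP Fatal error:  require(): Failed opening required '/blog/wp-load.php' (include_path='.') in /home/example/public_html/index_old.php on line 30
EOF
    cat > "$root/blog/error_log" <<'EOF'
[02-Jan-2024 10:00:00 UTC] PHP Warning:  trim() expects parameter 1 to be string, array given in /home/example/public_html/blog/query.php on line 777
EOF
    chmod 644 "$root/error_log"
    chmod 600 "$root/blog/error_log"
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
audit_error_logs "$sample"
error_sources "$sample/error_log"
rm -rf "$sample"
```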
Thanks. At least I know this is to be expected. 0 -
I googled the file name FM_MCSformMail.dat, and whilst it's not conclusive, the fact that it only appears on this forum would at least give me some confidence that it's not some well-known malicious script. 0