SHELL.PHP files founder under many accounts !!!
Hello Every one,
Today, while i was auditing my server, I happen to run a search on my server to locate any "shell.php" files and to my surprise i found many !!!
[PHP]/home/irtechi/public_html/website/plugins/editors/jce/tiny_mce/plugins/spellchecker/classes/pspellshell.php
/home/itzone/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/jonathan/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/kcarp/public_html/mobile/wp-includes/Text/Diff/Engine/shell.php
/home/kcarp/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/linxbpro/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/managers/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/mbn/public_html/blog/wp-includes/Text/Diff/Engine/shell.php
/home/mmicom/public_html/wp-includes/Text/Diff/Engine/shell.php
/home/momsfiel/public_html/wp-includes/Text/Diff/Engine/shell.php
[/PHP]
Can anybody on board, Let me know if these files are ok under wordpress and joomla ?
Or should i go ahead and disable these accounts ?
Please advice !!
Thank you
-
A filename tells us nothing about its content if placed by someone who wants to abuse your server infrastructure. The shell.php inside the wordpress installations seems to be a simple wrapper for executing diff [QUOTE]home/www/wordpress/wp-includes/Text/Diff/Engine/shell.php * * This class uses the Unix `diff` program via shell_exec to compute the * differences between the two input arrays. * * $Horde: framework/Text_Diff/Diff/Engine/shell.php,v 1.8 2008/01/04 10:07:50 jan Exp $ * * Copyright 2007-2008 The Horde Project ([url=http://www.horde.org/]The Horde Project)
But without knowing the actual content of these files it is just a guess with odds in mind.0 -
Hello :) It's possible they are just the standard files included with the software, but I recommend reviewing the contents of the files to determine if they are malicious. Thank you. 0 -
I can verify that the shell.php is part of the wordpress install. 0
Please sign in to leave a comment.
Comments
3 comments