Came across this weird folder setup on one of our servers
The below looks like a bunch of symlinks. Luckily we use CageFS so I doubt anything happened further. Well I hope so. Looks like it has been like this for months. How do I safely fix it?
root@# [/home/complete]# ls -lsah
total 132K
4.0K drwx--x--x 4 complete complete 4.0K Jul 17 12:30 ./
20K drwx--x--x 775 root root 20K Jul 24 10:11 ../
12K -rw-r--r-- 1 root root 11K Nov 27 2013 access-logs
4.0K -rw-r--r-- 1 complete complete 18 Feb 21 2013 .bash_logout
4.0K -rw-r--r-- 1 complete complete 176 Feb 21 2013 .bash_profile
4.0K -rw-r--r-- 1 complete complete 124 Feb 21 2013 .bashrc
4.0K drwxrwx--x 2 complete complete 4.0K Jul 16 21:57 .cagefs/
16K -rw-r--r-- 1 root root 13K Nov 27 2013 .cl.selector
4.0K -rw------- 1 complete complete 17 Mar 9 2013 .contactemail
4.0K dr-xrwxr-x 2 securervsite securervsite 4.0K Nov 25 2013 .cpanel/
4.0K lrwxrwxrwx 1 cthrufen securervsite 71 Jun 22 2013 cpanel3-skel -> \n
4.0K -rw-r----- 1 complete complete 1 Mar 10 2013 cpbackup-exclude.conf
0 -rw-r--r-- 1 complete complete 0 Feb 3 15:48 dailyreport_off
4.0K -rw-r--r-- 1 complete complete 64 Nov 15 2013 delay_spam_lover
4.0K lrwxrwxrwx 1 condilfs securervsite 71 Aug 22 2013 etc -> \v
4.0K lrwxrwxrwx 1 diversec securervsite 71 Feb 27 2013 .htpasswds -> \b
4.0K -rw------- 1 complete complete 15 May 26 10:15 .lastlogin
4.0K lrwxrwxrwx 1 coareetq securervsite 71 Jan 13 2013 mail -> \f
4.0K lrwxrwxrwx 1 541 securervsite 71 Dec 3 2012 public_ftp -> \r
4.0K lrwxrwxrwx 1 techfive securervsite 71 Apr 18 2013 public_html -> \016
4.0K drwxr-xr-x 3 root root 4.0K Jan 8 2014 .rvglobalsoft/
0 -rw-r--r-- 1 complete complete 0 Oct 30 2013 s_imapstatus
4.0K lrwxrwxrwx 1 babysafe securervsite 71 Jan 30 2013 .softaculous -> \t
4.0K lrwxrwxrwx 1 972 securervsite 71 Jul 20 2013 ssl -> \017
4.0K lrwxrwxrwx 1 pcdrcoza securervsite 71 Nov 20 2012 tmp -> \020
4.0K drwxr-xr-x 4 root root 4.0K Sep 5 2013 www/-
Hello :) Is that an account that you created at some point in the past? I'm not sure that is something that is fixable, but you should likely investigate what happened to determine if your server has been exploited. Thank you.
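A read-only way to inventory links like the ones in the listing above, as an added example that is not part of the original thread: it flags symlinks whose owner differs from the directory owner, whose target contains control bytes, or whose lstat size disagrees with the target length (the listing shows size 71 next to one-character targets). The function name `audit_symlinks` and the choice of these three checks are assumptions made for this example.

```python
import os
import stat
import sys


def audit_symlinks(directory, expected_uid=None):
    """Describe every symlink directly inside `directory`.

    Only lstat() and readlink() are used, so no link is followed or opened.
    `expected_uid` defaults to the owner of `directory` itself.
    """
    if expected_uid is None:
        expected_uid = os.lstat(directory).st_uid
    report = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISLNK(st.st_mode):
            continue  # regular files and directories are out of scope here
        raw = os.readlink(os.fsencode(path))  # target bytes exactly as stored
        reasons = []
        if st.st_uid != expected_uid:
            reasons.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
        if any(b < 0x20 or b == 0x7F for b in raw):
            reasons.append("control characters in target")
        if st.st_size != len(raw):
            reasons.append("lstat size %d but target is %d bytes"
                           % (st.st_size, len(raw)))
        report.append({"name": name, "target": raw,
                       "uid": st.st_uid, "reasons": reasons})
    return report


if __name__ == "__main__":
    for entry in audit_symlinks(sys.argv[1] if len(sys.argv) > 1 else "."):
        # repr() keeps control bytes from being interpreted by the terminal
        print(entry["name"], "->", repr(entry["target"]), "|",
              "; ".join(entry["reasons"]) or "ok")
```

Run as root against the home directory and keep the output with the investigation notes before changing or removing anything.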