We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
why there is a folder with strange name?
-
- Posts: 301
- Joined: Tue Dec 22, 2015 2:06 pm
why there is a folder with strange name?
I installed VestaCP on CentOS 7 to offer web panel for my Joomla website.
Today I noticed that in the public_html folder, which is the web root of my website, there is a folder with strange name:
Please not this folder name in above texts which were copied from my SSH terminal:
A;ٙr4O???x!?X"?*K?)>K6??7??[}????????
This folder will NOT be shown up if I check my website with FTP client. But on SSH terminal it will show up.
I tried to enter that folder with "cd" command to see what is inside that folder, but the cd command can not work for it.
I tried to delete it with "rmdir" command, then it was deleted.
But, I still have no idea how did that folder being created?
Does this means that my website was hacked?
Thank you.
Today I noticed that in the public_html folder, which is the web root of my website, there is a folder with strange name:
Code: Select all
[root@joomlacloud public_html]# ls
administrator components includes logs remos_downloads
A;ٙr4O???x!?X"?*K?)>K6??7??[}???????? configuration.php index.php media robots.txt
bin demo joomla.xml modules robots.txt.dist
bithost.htaccess downloads language php_errorlog templates
build.xml fpa-en.php layouts php_mail.log tmp
cache htaccess.txt libraries plugins web.config.txt
cli images LICENSE.txt README.txt
[root@joomlacloud public_html]#
A;ٙr4O???x!?X"?*K?)>K6??7??[}????????
This folder will NOT be shown up if I check my website with FTP client. But on SSH terminal it will show up.
I tried to enter that folder with "cd" command to see what is inside that folder, but the cd command can not work for it.
I tried to delete it with "rmdir" command, then it was deleted.
But, I still have no idea how did that folder being created?
Does this means that my website was hacked?
Thank you.
Re: why there is a folder with strange name?
It could either mean:
- Your website has been compromised or;
- Your server has been compromised.
-
- Posts: 301
- Joined: Tue Dec 22, 2015 2:06 pm
Re: why there is a folder with strange name?
OK. I have no idea how to investigate this.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.
Thank you.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.
Thank you.
Re: why there is a folder with strange name?
You really should check the logs in /var/log/ look for the files named access_log or auth.log I would start with ssh, vesta, proftp, and/or vsftpd access logs and see if you can find anything odd or related to the folder name. Also consider changing your root & admin passwords, configure ssh to a different port.baijianpeng wrote:OK. I have no idea how to investigate this.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.
Thank you.
Re: why there is a folder with strange name?
Best to change passwords ftp/ssh/db and update the scripts, if it's possible.baijianpeng wrote:OK. I have no idea how to investigate this.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.