why there is a folder with strange name?
-
baijianpeng
- Posts: 301
- Joined: Tue Dec 22, 2015 2:06 pm
why there is a folder with strange name?
I installed VestaCP on CentOS 7 to offer web panel for my Joomla website.
Today I noticed that in the public_html folder, which is the web root of my website, there is a folder with strange name:
Please not this folder name in above texts which were copied from my SSH terminal:
A;ٙr4O???x!?X"?*K?)>K6??7??[}????????
This folder will NOT be shown up if I check my website with FTP client. But on SSH terminal it will show up.
I tried to enter that folder with "cd" command to see what is inside that folder, but the cd command can not work for it.
I tried to delete it with "rmdir" command, then it was deleted.
But, I still have no idea how did that folder being created?
Does this means that my website was hacked?
Thank you.
Today I noticed that in the public_html folder, which is the web root of my website, there is a folder with strange name:
Code: Select all
[root@joomlacloud public_html]# ls
administrator components includes logs remos_downloads
A;ٙr4O???x!?X"?*K?)>K6??7??[}???????? configuration.php index.php media robots.txt
bin demo joomla.xml modules robots.txt.dist
bithost.htaccess downloads language php_errorlog templates
build.xml fpa-en.php layouts php_mail.log tmp
cache htaccess.txt libraries plugins web.config.txt
cli images LICENSE.txt README.txt
[root@joomlacloud public_html]#
A;ٙr4O???x!?X"?*K?)>K6??7??[}????????
This folder will NOT be shown up if I check my website with FTP client. But on SSH terminal it will show up.
I tried to enter that folder with "cd" command to see what is inside that folder, but the cd command can not work for it.
I tried to delete it with "rmdir" command, then it was deleted.
But, I still have no idea how did that folder being created?
Does this means that my website was hacked?
Thank you.
Re: why there is a folder with strange name?
It could either mean:
- Your website has been compromised or;
- Your server has been compromised.
-
baijianpeng
- Posts: 301
- Joined: Tue Dec 22, 2015 2:06 pm
Re: why there is a folder with strange name?
OK. I have no idea how to investigate this.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.
Thank you.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.
Thank you.
Re: why there is a folder with strange name?
You really should check the logs in /var/log/ look for the files named access_log or auth.log I would start with ssh, vesta, proftp, and/or vsftpd access logs and see if you can find anything odd or related to the folder name. Also consider changing your root & admin passwords, configure ssh to a different port.baijianpeng wrote:OK. I have no idea how to investigate this.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.
Thank you.
Re: why there is a folder with strange name?
Best to change passwords ftp/ssh/db and update the scripts, if it's possible.baijianpeng wrote:OK. I have no idea how to investigate this.
The good news is, I deleted that folder with "rmdir" commander. It seems that it has not been re-created yet.