Romantic Robot Working on it.

12:22 Sun 17 Jul 2005

i2pg3xFBrCDzkIgN

Filed under: Tech — 12:22 Sun 17 Jul 05

The above is a typical password I would use. 16 random characters. So it has come as a small surprise that somehow some files got planted into my domain. I was syncing backups when I noticed that in the /cgi-bin/ which I never use, 4 files had appeared:

  • cgiecho
  • cgiemail
  • entropybanner.cgi
  • randhtml.cgi

Odd. So I changed permissions on the directory and got in touch with ASO. They’ve added nothing – and I certainly added nothing. It seems that those files are something to do with emailing but further than that I have no clue. I’ve deleted them now, changed my password, and the /cgi-bin/ directory cannot now do anything but how those files actually got there is a mystery – unless it’s someone on the same server doing funky stuff ?

6 Comments »

  1. Sounds an awful lot like regular pre-packaged scripts to me. Are you sure they weren’t there when you signed up this account? otherwise I’d highly suspect them from installing them at some point… Frankly doubt it’s the work of a hacker.

    Comment by dr Dave — 12:55 Sun 17 Jul 2005 @ 12:55 Sun 17 Jul 05

  2. Absolutely certain they were not there.
    I sync backups weekly and the cgi-bin has always been empty – I checked it when I signed up. The files were dated 9 July and ASO claim no part.
    I’m not particularly bothered more curious..

    Comment by Mark — 13:06 Sun 17 Jul 2005 @ 13:06 Sun 17 Jul 05

  3. Being as we have the same host Mark, I checked my cgi bin folder and report no files in there. But then I have not been doing sync backups.

    Comment by joss — 19:18 Sun 17 Jul 2005 @ 19:18 Sun 17 Jul 05

  4. I have those files on my system, but that’s because they are pre-installed cgi scripts that come with cpanel. Of cource… I’m just going by their names…

    Comment by Gregory — 12:22 Mon 18 Jul 2005 @ 12:22 Mon 18 Jul 05

  5. Those, I believe, are pre-installed scripts.

    I’ve seen them in Fantastico (web script auto-installer, FYI), such as Entropy Banner and Random HTML.

    Comment by shorty114 — 04:59 Tue 19 Jul 2005 @ 04:59 Tue 19 Jul 05

  6. I’m pretty sure it could be a Fanastico thing. I noticed them once on my old domain and was thoroughly confused as to how they got there, but I literally just tested it out with purple-lilacs.com and they appeared, just from installing a quick script with Fantastico. I just randomly clicked a script, think it was the phoFormthingy…so I can’t verify if it does this with any install, but the cgi-bin was definitely empty before I ran it.

    Comment by Cyndy — 21:13 Wed 20 Jul 2005 @ 21:13 Wed 20 Jul 05

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress