: What is deleteme.xxxxxxxx.php I was going through page hit logs on awstats and I noticed the following two entries: /deleteme.lcivykmt.php /deleteme.nctqicjg.php I was wondering if anyone recognised
I was going through page hit logs on awstats and I noticed the following two entries:
/deleteme.lcivykmt.php
/deleteme.nctqicjg.php
I was wondering if anyone recognised them and whether I should investigate.
I suppose it's nothing to be concerned about because they are listed as page not found errors by my cms but does anyone know what software this would be targetted at?
More posts by @Sarah324
4 Comments
Sorted by latest first Latest Oldest Best
deleteme.???.php is an Installatron temporary script. It should be self-deleting, so the fact that it remains means that the script crashed mid-task. This might have been during the original installation of the application, during a backup, or during an update.
If you have notifications enabled you should receive an email when one of these tasks fails.
And these files should be deleted if you spot them in your account (unless their date stamp is like right "now", of course). The same with old scripts named itron.php.
Those files look like installation files for something like Wordpress, Joomla or Drupal etc. and if left on the system will doubt be a way in for hackers. The 'evil bots' are randomly checking for these kind of files (left over from incomplete installations) in order to find vulnerable sites. Although the 'lcivykmt' part of the filename should be a random string of characters so I would have thought this should be very hard to guess?!
Probably these files would open some attack vector and that's why some evil bots are looking for them on servers they scan.
That's probably a bot testing your site's security. Ban those IPs:
iptables -A INPUT -s <IP> -j DROP
Note: if you reboot, the iptables rules are lost, be sure to use a persistency system.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.