Ping a Specific Port

Question

Dean

Asked: 2015-05-29 03:25:55 +0800 CST2015-05-29 03:25:55 +0800 CST 2015-05-29 03:25:55 +0800 CST

Apache on Ubuntu 12.04: How to find what causes folder to appear under /var/www [duplicate]

772

I noticed that a folder with the name of a website I removed keeps appearing under /var/www. I checked and it is created by www-data. I suspect that it's something malicious.

How can I find out what causes this?

2 Answers

Voted

Andie Hunt · Answer 1 · 2015-05-29T03:59:50+08:00

Andie Hunt

2015-05-29T03:59:50+08:002015-05-29T03:59:50+08:00

There's nothing that Apache itself would do to create a folder within /var/www. You might have some other software doing it--maybe a configuration panel.

You're right to be suspicious, but you should spend just a little time ruling out something else legit. Apache's not it, though.

0

Konrad Gajewski · Answer 2 · 2015-05-29T06:45:32+08:00

Konrad Gajewski

2015-05-29T06:45:32+08:002015-05-29T06:45:32+08:00

Obviously you want the exact process name that causes it. I would suggest something like auditd to monitor the directory in question, and pinpoint the culprit. You can find a lot of tutorials on the web regarding how to set it up and use, so I will not repost it here. If you run into troubles, or do find what causes it, post a comment.

-2

Apache on Ubuntu 12.04: How to find what causes folder to appear under /var/www [duplicate]

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?