1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Strange large "core files" suddenly appeared, am I being hacked?

Discussion in 'Security' started by domainer_10, May 21, 2008.

  1. #1
    All the sudden I have about 10 different files called Core in the root directory of my SMF forum. (with a number after it) they are a ll 24 megabytes big and permission set to 600.


    I tried to look at what they were in cpanel:

    File Type: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from 'php'
    SEMrush


    What the heck are they and what causes them? Is this a hacker?
     
    domainer_10, May 21, 2008 IP
    SEMrush
  2. xous

    xous Active Member

    Messages:
    173
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    60
    #2
    core files are memory dumps of a process that crashed, in this case, probably php.

    This is caused by a flaw in the php interpreter implementation and not necessarily due to anything malicious taking place.
     
    xous, May 22, 2008 IP
  3. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #3

    Thanks. Why is it only happening on this site and why all the sudden?
     
    domainer_10, May 22, 2008 IP
  4. phplife

    phplife Peon

    Messages:
    36
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Could be any number of reasons, hardware, your hosting company did patching or upgrading.

    Could have been a unique sequence of events, memory leaks in your script.

    Hard to say, if it happens again, you may want to contact your hosting service and have them investigate.

    You may want to log at your log files. Look at the time of the dump files and look for a log entry. This isn't your web log files, but your server log files.

    phplife
     
    phplife, May 23, 2008 IP
  5. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #5
    The server was upgraded to PHP 5 / MySQL 5 in about 2 weeks ago. All the files are dated after that. My sites work fine so not sure what it's about.
     
    domainer_10, May 23, 2008 IP
  6. SPARKS MAN

    SPARKS MAN Peon

    Messages:
    13
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    if its a forum try to erase all message of all user
    and update the php to 5.2.5
    this is all i know
    because the
    corn file is a memory temp file

    and also send report to the server admin about that

    regards
    Eng. ali hashim
     
    SPARKS MAN, May 24, 2008 IP
  7. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Im at 5.2.5 now.

    what do you mean erase all message of all user?
     
    domainer_10, May 24, 2008 IP
  8. Ladadadada

    Ladadadada Peon

    Messages:
    382
    Likes Received:
    36
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Core dumps are not particularly useful unless you know how to examine and interpret them properly (which I don't, I only have a very basic knowledge of core dumps) but they can be rather nasty if you have them turned on. I have had websites start dumping core so frequently that they filled up the entire hard drive in a matter of minutes. Once the hard drive was full, other parts of the website started to fail and even parts of the whole operating system.

    Unless you have someone who can interpret them for you or you want to start learning the internals of the memory layout of PHP/Apache then I would suggest turning core dumps off. This means that the program will still crash but it won't dump the contents of memory to the disk.

    Unfortunately, I don't remember how to turn them off on Linux but I'm sure Google knows...
     
    Ladadadada, May 31, 2008 IP
  9. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Im on a shared server so I don't think i could turn them off even if i wanted?
     
    domainer_10, May 31, 2008 IP
  10. mellow-h

    mellow-h Peon

    Messages:
    750
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #10
    You need to contact your provider to turn them off. Basically, its not possible to turn core files off. Its only possible to dump 0KB core files instead of dumping large files. Your system admin should be able to set a configuration for your username so that core files doesn't take space on your account.
     
    mellow-h, Jun 2, 2008 IP
  11. InFloW

    InFloW Peon

    Messages:
    1,488
    Likes Received:
    39
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Most of the recent PHP core dumps have been related to Zend Optimizer running and url based handling of files (include, fopen ect.). I'd inquire to your host to update to PHP 5.2.6 and update their Zend Optimizer.
     
    InFloW, Jun 3, 2008 IP
  12. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #12
    they just updated to 5.2.5 on may 6th

    BTW its only happening on SMF forum.
     
    domainer_10, Jun 3, 2008 IP
  13. kineticdc

    kineticdc Peon

    Messages:
    347
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #13
    This is probably the problem
     
    kineticdc, Jul 28, 2008 IP
  14. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #14
    So you think something is wrong with SMF in conjunction with PHP 5.2.5?
     
    domainer_10, Jul 28, 2008 IP
  15. simonspurr

    simonspurr Peon

    Messages:
    604
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #15
    I just did a search on DP cos I am having the same trouble too
    I will give your ideas a go
    I wouldn't have thought it would be to do with the PHP 5.2.5
     
    simonspurr, Sep 20, 2008 IP
  16. nimhost

    nimhost Active Member

    Messages:
    235
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    58
    #16
    I'm agree with this but until know i didn't know how to use this file to fix the code :)

    everyday i got lot's of core.* files dumped for my proxy site :(
     
    nimhost, Sep 20, 2008 IP
  17. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #17
    I think hostgator just didn't do things right cause i remember reading someone else having this problem with them.
     
    domainer_10, Sep 20, 2008 IP
  18. nimhost

    nimhost Active Member

    Messages:
    235
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    58
    #18
    the newest cpanel easy apache supporting php 5.2.6 and i still got the core files on my proxy site

    how to look on it ?
     
    nimhost, Sep 21, 2008 IP
  19. domainer_10

    domainer_10 Peon

    Messages:
    1,720
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #19

    hmmm, must be the hostings bad configuration then.
     
    domainer_10, Sep 21, 2008 IP
  20. nimhost

    nimhost Active Member

    Messages:
    235
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    58
    #20
    what bad configuration you mean ?
    it's does not show any error on error_log

    that's why i want to know how to check it :)
     
    nimhost, Sep 21, 2008 IP