Article 7233 at 06/09/25 17:48:22 From: arturs (at mark) netvision.net.il Subject: [coba-e:07233] Re: /var/lib/php/session

Index: [Article Count Order] [Thread]

Date:  Mon, 25 Sep 2006 11:36:46 +0200
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:07233] Re: /var/lib/php/session
To:  coba-e (at mark) bluequartz.org
Message-Id:  <004401c6e086$1e6a99e0$3701a8c0@lapxp>
In-Reply-To:  <000401c6e030$5c760bd0$0132a8c0@galacnetmain>
X-Mail-Count: 07233

> Hello,
> 
> Those are just things created by programs. Like programs that require 
> logins.
> Should be safe to remove them. Does those files have 
> information in them?
> I have recently encounter empty php sessions on my bluequartz...
> 
> Regards,
> Hong Gao Qiang

Howdy,

There were several thousands of them.
I checked maybe 10 - no logins.
What string exactly should I look for in such a case?

Also, what was more warrying, why they have been left? i.e., could those be
traces of exploited scripts?


Best,

--
Arthur Sherman

+972-52-4878851
CPTeam