Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
[solved] Gibberish files in tmp folder
I’ve just done a backup of a site and noticed that the textpattern/tmp folder has 4 files in it I’ve not noticed before, mostly filled with gibberish characters. The files are named:
txp_KdlqXW
txp_tKaUq3
etc
The files start with %PDF-1.4
Is this just an error or is this an indication the site has been (or attempted) hacked? I cant find these files in any of my others TXP sites. The site appears to be operating as normal and is showing no problems under diagnostics.
Last edited by Gocom (2014-03-30 09:12:18)
Offline
Re: [solved] Gibberish files in tmp folder
Are you serving up PDF from your site? That %PDF-1.4 string is the file header for a PDF, so they’re likely (but not certainly) PDFs. Copying one over, renaming and opening it might shed some light – though you should be aware there are PDF exploits that affect vulnerable software, so a known-safe PDF reader would be advisable.
Offline
Re: [solved] Gibberish files in tmp folder
damienbuckley wrote #279408:
Is this just an error or is this an indication the site has been (or attempted) hacked?
Neither really.
Those files are most likely failed file uploads. If the upload process aborts, it leaves trash to the temporary directory. The temporary directory is used as a temporary storage for file uploads (the file is streamed though it) initiated through Textpattern’s admin panel.
And that brings us to the advice part; change your temporary directory. You normally shouldn’t be using that publicly accessible location as your temporary directory. It can be dangerous to leave the directory to that default, especially for a site with multiple users; you can abort the upload request, leaving behind the temporary file and then execute the file through the HTTP server on the server with an other request.
Textpattern really shouldn’t ship with that textpattern/tmp directory default. Most users forget to change that default nor restrict HTTP server’s access to it.
Offline
Re: [solved] Gibberish files in tmp folder
Gocom wrote #279429:
Textpattern really shouldn’t ship with that textpattern/tmp directory default. Most users forget to change that default nor restrict HTTP server’s access to it.
Can you add some words/recommendations to that effect in the new installation instructions doc please?
Offline
Re: [solved] Gibberish files in tmp folder
gaekwad wrote #279411:
Are you serving up PDF from your site? That
%PDF-1.4string is the file header for a PDF, so they’re likely (but not certainly) PDFs. Copying one over, renaming and opening it might shed some light – though you should be aware there are PDF exploits that affect vulnerable software, so a known-safe PDF reader would be advisable.
I’m laughing now to be honest. Yes, yes they are PDF’s and all clean ones thankfully. Thanks
Offline
Re: [solved] Gibberish files in tmp folder
philwareham wrote #279443:
Can you add some words/recommendations to that effect in the new installation instructions doc please?
Seconded. I’ve been using TXP for 10 years and never heard mention of this before. If its a security issue, it should definitely be documented. What do you suggest?
Also, can I simply delete these files, which as noted above are indeed PDF’s the client has uploaded?
Thanks to all for the speedy explanations.
Offline
Re: [solved] Gibberish files in tmp folder
You can definitely delete those files. The system should clear completed uploads from the tmp folder itself so those must have been aborted halfway through upload.
Offline
Re: [solved] Gibberish files in tmp folder
philwareham wrote #279452:
You can definitely delete those files. The system should clear completed uploads from the tmp folder itself so those must have been aborted halfway through upload.
Thanks. I’m always a bit nervous about seeing files I’m not familiar with appear in the file tree!
Offline
Re: [solved] Gibberish files in tmp folder
Gocom wrote #279429:
Neither really.
You normally shouldn’t be using that publicly accessible location as your temporary directory. It can be dangerous to leave the directory to that default, especially for a site with multiple users; you can abort the upload request, leaving behind the temporary file and then execute the file through the HTTP server on the server with an other request.
Textpattern really shouldn’t ship with that textpattern/tmp directory default. Most users forget to change that default nor restrict HTTP server’s access to it.
wow. i never knew that before. any tips/ examples on the proper way . i am assuming Textpattern needs some sort of temp dir
…. texted postive
Offline
Re: [solved] Gibberish files in tmp folder
bici wrote #279454:
wow. i never knew that before. any tips/ examples on the proper way . i am assuming Textpattern needs some sort of temp dir
In general, you will want to use your OS own temporary directories. E.g. /tmp or Window’s temporary directory in the system directory.
Offline