Beginning last Sunday (2 September) I have been finding several oddly named
session cookies each day on my server. The normal Apache session cookies have
names like "sess_d50280ded90f1dbd48fcfd5fc77baa77". These new ones have names
like:
sess_mycustomsession
sess_sessionidhere
The content seems strange too, although so far I haven't found anything
important in one of the. The owner name is often mine, although some have
"php-fpm" as the file owner.
Here is an example:
cookie name: sess_rfc1867-tests-post
cookie content:
upload_progress_rfc1867_sid_only_cookie_2.php|a:5:{s:10:"start_time";i:153591608
5;s:14:"content_length";i:603;s:15:"bytes_processed";i:603;s:4:"done";b:1;s:5:"f
iles";a:2:{i:0;a:7:{s:10:"field_name";s:5:"file1";s:4:"name";s:9:"file1.txt";s:8
:"tmp_name";s:14:"/tmp/phpQWrbXC";s:5:"error";i:0;s:4:"done";b:1;s:10:"start_tim
e";i:1535916085;s:15:"bytes_processed";i:1;}i:1;a:7:{s:10:"field_name";s:5:"file
2";s:4:"name";s:9:"file2.txt";s:8:"tmp_name";s:14:"/tmp/phpSoCWFv";s:5:"error";i
:0;s:4:"done";b:1;s:10:"start_time";i:1535916085;s:15:"bytes_processed";i:1;}}}
Does anyone have any idea what these are and if I have some sort of a compromise
to the server going on?
Thanks in advance.
John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|