Odd session cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Beginning last Sunday (2 September) I have been finding several oddly named
session cookies each day on my server.  The normal Apache session cookies have
names like "sess_d50280ded90f1dbd48fcfd5fc77baa77".  These new ones have names
like:

sess_mycustomsession
sess_sessionidhere


The content seems strange too, although so far I haven't found anything
important in one of the.  The owner name is often mine, although some have 
"php-fpm" as the file owner.  

Here is an example:

cookie name:  sess_rfc1867-tests-post

cookie content:  

upload_progress_rfc1867_sid_only_cookie_2.php|a:5:{s:10:"start_time";i:153591608
5;s:14:"content_length";i:603;s:15:"bytes_processed";i:603;s:4:"done";b:1;s:5:"f
iles";a:2:{i:0;a:7:{s:10:"field_name";s:5:"file1";s:4:"name";s:9:"file1.txt";s:8
:"tmp_name";s:14:"/tmp/phpQWrbXC";s:5:"error";i:0;s:4:"done";b:1;s:10:"start_tim
e";i:1535916085;s:15:"bytes_processed";i:1;}i:1;a:7:{s:10:"field_name";s:5:"file
2";s:4:"name";s:9:"file2.txt";s:8:"tmp_name";s:14:"/tmp/phpSoCWFv";s:5:"error";i
:0;s:4:"done";b:1;s:10:"start_time";i:1535916085;s:15:"bytes_processed";i:1;}}}

Does anyone have any idea what these are and if I have some sort of a compromise
to the server going on?

Thanks in advance.

John



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux