

Strange file in my cgi-bin

Posted on 2006-05-01
Medium Priority
Last Modified: 2012-05-05
I have never seen this file in my cgi-bin directory before and since nobody is allowed access to this server, I can't help but wonder the worst.
Has anyone ever seen a file called 'edit.core' before? This file is 831488 bytes in size and appears to be either compiled code or something along those lines.

I don't know if it belongs to some other software I have installed in my server, but it's definitely nothing I directly recall having put there myself, yet its user:group is root:wheel.

Any ideas will be extremely appreciated.

Question by:Richard Davis

Expert Comment

ID: 16576038
I can't say I know much about this, but from what I recall, this should be ok. These files are needed for Linux management, and if anyone knows more, just tell the guy. I just wanted to calm down
LVL 12

Author Comment

by:Richard Davis
ID: 16578210
Thanks for the response, guruyaya.

Well, I have FreeBSD, but it probably is Unix in general, perhaps. The only confusing part about this though is that I have two servers, both FreeBSD 5.4, both running Apache2.x, MySQL 4, but only one of them has this file in their cgi-bin directory. So, this is what raised my suspicions about it possibly being either a hack or something else to provide remote access to my server.
LVL 10

Accepted Solution

sleep_furiously earned 1200 total points
ID: 16578949
It's a core dump file.

Apparently a program crashed and wrote out its crash dump in the cgi-bin directory, so that was probably its working directory when the process was launched.
In other words, chances are it was a failed test of some sort of cgi program.

If you want to get more information about it, there are a couple of things that can help:
--Checking the date and time might help you remember what you were working on.
--Get some more information about it from the 'file' command:

    file edit.core

That should tell you what executable created it.  If you still have that executable and are motivated to find out more, you can probably use gdb to trace what the fault was.
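
An added example, not part of the original answer: a Python version of the check `file` performs here, confirming that an unexpected file is an ELF core dump rather than an executable and reading the crashing command's name from its process-info note. It handles only 32-bit little-endian cores and assumes the FreeBSD i386 `prpsinfo` layout; the function names and the sample core are constructed for illustration.

```python
import struct

ET_CORE, PT_NOTE, NT_PRPSINFO = 4, 4, 3
ET_NAMES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core file"}

def elf32_summary(data):
    """Header fields `file` reports for a 32-bit LSB ELF, or None otherwise."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4:6] != b"\x01\x01":
        return None
    e_type, e_machine = struct.unpack_from("<HH", data, 16)
    return {"osabi": data[7], "machine": e_machine, "e_type": e_type,
            "type": ET_NAMES.get(e_type, "unknown")}

def core_command(data):
    """Command name from the NT_PRPSINFO note of a 32-bit core, else None.
    Assumed layout (FreeBSD i386): int version, size_t size, char name[17]."""
    info = elf32_summary(data)
    if not info or info["e_type"] != ET_CORE:
        return None  # not a core dump: an executable or script needs a closer look
    (e_phoff,) = struct.unpack_from("<I", data, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        if ph + 32 > len(data):
            break  # truncated program header table
        p_type, p_offset = struct.unpack_from("<II", data, ph)
        (p_filesz,) = struct.unpack_from("<I", data, ph + 16)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(data))
        while pos + 12 <= end:
            namesz, descsz, ntype = struct.unpack_from("<III", data, pos)
            desc = pos + 12 + (namesz + 3) // 4 * 4  # note name is 4-byte padded
            if ntype == NT_PRPSINFO and descsz >= 25:
                name = data[desc + 8:desc + 25].split(b"\0")[0]
                return name.decode("ascii", "replace")
            pos = desc + (descsz + 3) // 4 * 4
    return None

def build_sample_core(command=b"edit"):
    """Constructed sample: minimal FreeBSD-style i386 core with one note."""
    desc = struct.pack("<II17s81s", 1, 108, command, b"edit index.cgi")
    desc += b"\0" * (-len(desc) % 4)
    note = struct.pack("<III", 8, len(desc), NT_PRPSINFO) + b"FreeBSD\0" + desc
    ehdr = struct.pack("<4s5B7xHHIIIIIHHHHHH", b"\x7fELF", 1, 1, 1, 9, 0,
                       ET_CORE, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_NOTE, 84, 0, 0, len(note), 0, 0, 4)
    return ehdr + phdr + note
```

A file in a web-served directory that comes back as `executable` or as not ELF at all is the case that deserves further investigation; a core dump is a crash artifact, though it does contain the crashed process's memory.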

LVL 12

Author Comment

by:Richard Davis
ID: 16579002
Outstanding suggestion!

I ran that file command and it came back with this:

    cgi-bin/edit.core: ELF 32-bit LSB core file Intel 80386, version 1 (FreeBSD), FreeBSD-style, from 'edit'

Does that mean that I was using the edit command when this took place? I use that command for just about everything except when I need to use vi for chpass stuff.
LVL 12

Author Comment

by:Richard Davis
ID: 16579014
So, I should safely be able to delete this file then, correct?

Thanks a million for that response, also. :)

Assisted Solution

patspam earned 800 total points
ID: 16583809
Yeah, .core files are usually written into the current directory when a program crashes.

For example if you try to start apache and it segfaults, you'll end up with a file called httpd.core in your current directory. These files can be pretty big and can eat up a lot of space if you're not careful!

Safe to delete. The memory dump is only written out to help you debug the error (if you feel that way inclined..).


LVL 12

Author Comment

by:Richard Davis
ID: 16583821
Thanks for your response also patspam.

Although I have been running these servers for a few years now, it seems a never-ending learning curve. Always something new coming up to twist your brain around for a bit.

Well, since you completed the answer to my final secondary question, I'm going to split the points between you and sleep_furiously since his initial response pretty much was the needed answer to the brunt of my worries. But thank you very much for partaking in this solution though. :)

Take care for now guys/gals.

