cancel
Showing results for 
Search instead for 
Did you mean: 

.bash_history file in my web space

ratbag
Grafter
Posts: 369
Registered: 01-08-2007

.bash_history file in my web space

Hello all,
I've heard of 'bash'  but that's as far as it goes. However, I found a .bash_history file in my web space today which shows commands cd and ls, which I assume are change directory and list. It looks like 'someone' has been trying to find some downloadable files I have. Is this normal? Should someone be able to access my web space using bash commands in this way?
Thanks for any help,
Barry.
6 REPLIES
Community Veteran
Posts: 26,678
Thanks: 900
Fixes: 10
Registered: 10-04-2007

Re: .bash_history file in my web space

Is that on ccgi or the normal homepages?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
ratbag
Grafter
Posts: 369
Registered: 01-08-2007

Re: .bash_history file in my web space

ccgi.
Many thanks,
Barry.
Community Veteran
Posts: 26,678
Thanks: 900
Fixes: 10
Registered: 10-04-2007

Re: .bash_history file in my web space

Have you checked the date time on the file? It could have been PN when they were moving everything across to the new ccgi servers and had to check some sites for problems.
(The date on mine is Oct 2008 - before the shell lockdown)
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
ratbag
Grafter
Posts: 369
Registered: 01-08-2007

Re: .bash_history file in my web space

The date says 19/04/2010. The site's only been up for a few weeks.
Here is the code with the real directory and php file names changed:

ls -l
cd cgi-bin/
ls
cd ..
cd directory_with_unguessable_name
ls -l
more interesting_file.php

The directory_with_unguessable_name 'should' only be know to someone who I've sent a direct link to.
Would more interesting_file.php list the contents of that file?
Thanks for any help,
Barry.
Community Veteran
Posts: 26,678
Thanks: 900
Fixes: 10
Registered: 10-04-2007

Re: .bash_history file in my web space

The ccgi upgrade was all finished before the end of March.
More does list the contents of the file.
I'm wondering if someone from PN took a look at your website as a result of http://community.plus.net/forum/index.php/topic,85268.0.html
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
ratbag
Grafter
Posts: 369
Registered: 01-08-2007

Re: .bash_history file in my web space

I think I need couple of things clarified:
1) Are Plusnet responsible for the bash activity on my ccgi space on 19/04/2010.
2) If not, then how is someone able to access and read the contents of my php files using bash commands?
Either way, I need to find out as this is very important for both privacy and security. I'd be surprised if it were Plusnet, because when they removed my site due to bandwidth overuse, they actually removed the normal www space and not the ccgi where my site is hosted.
Thanks jelv  for your help,
Barry.