Web Hosting Talk







Any one can check this and tell us if it's a bad files (trojans)


learnerman
11-18-2004, 06:36 AM
Hi

The last two days my server load shows very, very high (66) and netstat shows many connections, about (250) .... I tried everything I can do ... but nothing happened ...

so I tried to suspend all sites ... then unsuspend them one by one...

finally I discovered the site which causes the high ****en load .....

when I checked his cgi-bin folder I found these files .... which I added to the attachment .......

so plz I need anyone to check them and tell me if they are bad files ...

one of them is called:

cpanelwrap.cgi

and here is its content:
#!/usr/bin/perl

print "Content-type: text/html\r\n\r\n";

$quser = $ENV{'QUERY_STRING'};
$quser =~ s/\n//g;
$quser =~ s/\r//g;

chomp($pwd = `pwd`);
open(PASSWD,"/etc/passwd");
while(<PASSWD>){
    ($name,$x,$uid,$gid,undef,$homedir,$shell) = split(/:/,$_);
    next if (length($homedir) < 3);

    if ($pwd =~ /^${homedir}\// || $pwd =~ /^${homedir}$/) {
        $founduid = 1;
        last;
    }
}
close(PASSWD);
if ($founduid) {
    print "MYUID: $uid\n";
} else {
    if (getpwnam($quser)) {
        $uid = (getpwnam($quser))[2];
        print "MYUID: $uid\n";
    }
}

print "REALUID: $>\n";

thnx in advance

LP-Trel
11-18-2004, 06:54 AM
Edit: I'm an idiot..

Those are the scripts for a remote reseller account transfer without root access. :)

learnerman
11-18-2004, 07:39 AM
:) heheeheheh
thnx :D