Strange files appearing in my web directory.

Discussion in 'ISPConfig 3 Priority Support' started by Wade John Beckett, Nov 8, 2024 at 10:31 AM.

  1. Wade John Beckett

    Wade John Beckett Member HowtoForge Supporter

    Hi there,
    I trust you are well.

    I have a very strange issue at the moment on my ISPConfig 3 install.
    There are root-owned directories appearing in my web directory, which I cannot delete no matter what I do. I've attached an image for reference.

    Code:
    # ls -la /var/www/clients/client1/web8/
    total 108
    drwxr-xr-x 17 root root     4096 Nov  8 09:07 .
    drwxr-xr-x  3 root root     4096 Nov  7 16:19 ..
    drwxr-xr-x  2 web8 client1  4096 Nov  7 16:19 backup
    lrwxrwxrwx  1 root root        7 Nov  8 09:07 bin -> usr/bin
    drwxr-xr-x  2 web8 client1  4096 Nov  7 16:19 cgi-bin
    drwxr-xr-x  2 root root     4096 Nov  8 09:07 dev
    drwxr-xr-x  6 root root     4096 Nov  8 09:07 etc
    drwxr-xr-x  3 web8 root     4096 Nov  8 09:07 home
    lrwxrwxrwx  1 root root        7 Nov  8 09:07 lib -> usr/lib
    lrwxrwxrwx  1 root root        9 Nov  8 09:07 lib64 -> usr/lib64
    drwxr-xr-x  2 web8 client1  4096 Nov  8 09:04 log
    drwx--x---  7 web8 client1  4096 Nov  7 16:21 private
    drwxr-xr-x  3 root root     4096 Nov  8 09:07 run
    drwx------  2 web8 client1  4096 Nov  7 16:19 .ssh
    drwxr-xr-x  2 web8 client1  4096 Nov  7 16:19 ssl
    drwxrwxrwx  2 web8 client1 40960 Nov  8 09:23 tmp
    drwxr-xr-x  7 root root     4096 Nov  8 09:07 usr
    drwxr-xr-x  4 root root     4096 Nov  8 09:07 var
    drwx--x--x 16 web8 client1  4096 Nov  7 16:33 web
    drwx--x---  2 web8 client1  4096 Nov  7 16:19 webdav
    
    Originally this site was in /var/www/clients/client1/web3.
    I deleted this site and recreated it, which created the /var/www/clients/client1/web8 directory, and all was well, but this morning the files were recreated.

    I've tried changing the attributes, resetting root permissions and ownership, but I cannot delete them. The only time they are deleted is when the site is removed by ISPConfig itself.

    I also don't know where they are coming from.
    I've never seen anything like this.

    Please if anyone can assist.
     


  2. chief

    chief Member HowtoForge Supporter

    Correct me if I'm wrong, these are created by a chrooted user - sites > Command Line > SSH/SFTP-User.
    They give access to system files within the website directory, so it uses them and not the main system binaries,
    basically locking everything within the website folder, stopping the user having access to the whole system.
    Just go inside the web folder for your website files www.here.com/ <- is where the web is.
     
    Wade John Beckett likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    What you see there is called a Chroot, which is not strange. A Chroot is a security feature used to create secure SSH users and Cronjobs. So that's all perfectly fine.
     
    Wade John Beckett likes this.
  4. Wade John Beckett

    Wade John Beckett Member HowtoForge Supporter

    Thank you for the reply.

    So this is not something I have to worry about?

    I have not activated Chroot for that web user, so I assume it is a system wide setting?
     
  5. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    It could be that chrooted PHP is now the default for new websites on your system (server config -> server -> web -> php settings), or enabled by checkbox on the website options tab (it also shows as enabled here if it's set as the default in the server config).
    It could be that a jailkitted SSH login was created for that website,
    or it could be that one or more jailkit chrooted apps or app sections were specified for the website, again on the website options tab.
     
    Wade John Beckett likes this.
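
A way to triage a listing like the one in the first post, as an added example that is not part of the thread or of ISPConfig: it reads `ls -la` output and separates entries that look like a chroot skeleton from root-owned entries that do not. The `JAIL_NAMES` list, the function names and the `cache` entry in the sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: triage `ls -la` output of a web root.
# Assumption: JAIL_NAMES lists the usual top-level directories of a chroot
# skeleton; it is illustrative and not taken from ISPConfig or Jailkit.
JAIL_NAMES="bin dev etc home lib lib64 run sbin usr var"

# Reads `ls -la` output on stdin and prints "<verdict> <owner> <name>".
#   jail   = name belongs to a chroot skeleton
#   review = root-owned but not a skeleton name, worth a closer look
#   site   = everything else (the site's own directories)
# Names containing spaces are not handled.
classify_webroot() {
  awk -v names="$JAIL_NAMES" '
    BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) jail[a[i]] = 1 }
    NF < 9 || $9 == "." || $9 == ".." { next }  # skip "total" and dot entries
    {
      owner = $3; name = $9
      if (name in jail)         verdict = "jail"
      else if (owner == "root") verdict = "review"
      else                      verdict = "site"
      target = ($1 ~ /^l/ && $10 == "->") ? (" -> " $11) : ""
      printf "%-6s %-8s %s%s\n", verdict, owner, name, target
    }'
}

# Sample input: lines copied from the listing in the first post, except the
# last entry (cache), which is constructed to show the "review" verdict.
sample_listing() {
  cat <<'EOF'
total 108
drwxr-xr-x 17 root root     4096 Nov  8 09:07 .
drwxr-xr-x  3 root root     4096 Nov  7 16:19 ..
drwxr-xr-x  2 web8 client1  4096 Nov  7 16:19 backup
lrwxrwxrwx  1 root root        7 Nov  8 09:07 bin -> usr/bin
drwxr-xr-x  2 root root     4096 Nov  8 09:07 dev
drwxr-xr-x  6 root root     4096 Nov  8 09:07 etc
drwxr-xr-x  3 web8 root     4096 Nov  8 09:07 home
drwx--x---  7 web8 client1  4096 Nov  7 16:21 private
drwxr-xr-x  7 root root     4096 Nov  8 09:07 usr
drwx--x--x 16 web8 client1  4096 Nov  7 16:33 web
drwxr-xr-x  2 root root     4096 Nov  8 09:07 cache
EOF
}

sample_listing | classify_webroot
```

On a live system the same function can be fed directly, for example `ls -la /var/www/clients/client1/web8/ | classify_webroot`.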
