I recently found that a number of strange text files had turned up in various shared hosting accounts that I manage.
[me@host public_html]$ ls | egrep '.{32}.txt'
029951C23F605A18X3368D97F94D62E6.txt
0CCBBCS862CA8845E7F14BE19299AAC0.txt
1D5C272AC2BF50882253D83C5S73DH00.txt
4B12DBC7528B2AFG111329BH25990601.txt
4E1J68B9BDD096ED347AC5C5D0927821.txt
BDED14F9E80K70CFG8B4V8AFB4397A78.txt
DD27ASA1FA20E4DE8259B713DC358CEE.txt
The contents of these files contained an md5 hash and ‘comodoca.com’:
[me@host public_html]$ cat 029951C23F605A18X3368D97F94D62E6.txt
f0df7d3dhe2ad3b66f596ed5ed8k1d188d7925ae
comodoca.com
This got me worried that the server had been compromised.
However, it turns out that cPanel have added Auto SSL by Comodo to WHM v.60 and it is enabled by default. The files are Auto SSL check logs that are created when the Auto SSL’s cron job runs and they can be ignored.
In my case the hosting provider had forgotten to turn off Auto SSL. I deleted the files when they did so.
