Lately, my /tmp directory is running full of files named phpxltmp[unique-code]. Does this look like something CA could do, or more like a by-product of an attack? The files are filled with binary gibberish or some encoded stuff - cant tell. Most of them are 58 mb in size. I also tried to reencode media lately tin order to safe diskspace - maybe that could have to do with it? Pitty is that it fills up the root partition thus stopping the whole site...