Suspicious File Alert

florin
Junior Member
Posts: 4
Joined: 16 Jan 2013, 13:12

Suspicious File Alert

Post by florin »

Hello,
We have a lot of this kind of email from the firewall.
Can you help us do something?


-----Original Message-----
From: root@server8
[mailto:root@server8]
Sent: Tuesday, January 15, 2013 9:33 AM
To: firewa
Subject: lfd on server8: Suspicious File Alert

Time: Tue Jan 15 09:32:44 2013 +0200
File: /tmp/sh.php
Reason: Script, file extension
Owner: catalog:catalog (1546:1539)
Action: Moved into /etc/csf/suspicious.tar
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14

Re: Suspicious File Alert

Post by Black Tiger »

You should check your log files to see where it's coming from.
Check /var/log/messages and the ftp logs. Somewhere this sh.php must turn up, showing where it's coming from.
Could be a hacker's script.

I presume you already used the /scripts/securetmp script from cPanel? Or don't you use cPanel?
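
One way to do the log check suggested above, as an added example that is not part of the original posts: it parses the lfd alert quoted in the first post and lists log lines from the ten minutes before it that mention the file or its owner. The sample log lines, the `ftpd` daemon name, the ten-minute window and the function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# The lfd alert body quoted in the first post of this thread.
ALERT = """\
Time: Tue Jan 15 09:32:44 2013 +0200
File: /tmp/sh.php
Reason: Script, file extension
Owner: catalog:catalog (1546:1539)
Action: Moved into /etc/csf/suspicious.tar
"""

# Constructed syslog-style sample lines (not from the thread); the IPs are documentation addresses.
SAMPLE_LOG = """\
Jan 15 03:10:02 server8 crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Jan 15 09:31:58 server8 ftpd[4120]: (catalog@203.0.113.7) [INFO] catalog is now logged in
Jan 15 09:32:41 server8 ftpd[4120]: (catalog@203.0.113.7) [NOTICE] /tmp/sh.php uploaded
Jan 15 09:40:00 server8 sshd[4300]: Accepted publickey for admin from 198.51.100.4
Jan 16 09:32:00 server8 ftpd[5000]: (catalog@203.0.113.7) [INFO] catalog is now logged in
"""

def parse_alert(text):
    """Turn the 'Key: value' lines of an lfd alert into the fields needed for a log search."""
    fields = dict(re.findall(r"^(\w+):\s*(.+)$", text, re.M))
    when = datetime.strptime(fields["Time"], "%a %b %d %H:%M:%S %Y %z")
    return {"time": when.replace(tzinfo=None),  # assumption: logs use the same local time
            "file": fields["File"],
            "user": fields["Owner"].split(":")[0]}

def correlate(alert, log_text, window_minutes=10):
    """Return log lines in the window before the alert that name the file or its owner."""
    hits = []
    start = alert["time"] - timedelta(minutes=window_minutes)
    user_re = re.compile(rf"\b{re.escape(alert['user'])}\b")
    for line in log_text.splitlines():
        try:
            # syslog timestamps carry no year, so borrow it from the alert
            stamp = datetime.strptime(f"{alert['time'].year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # skip lines without a leading syslog timestamp
        if start <= stamp <= alert["time"] and (alert["file"] in line or user_re.search(line)):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in correlate(parse_alert(ALERT), SAMPLE_LOG):
        print(hit)
```

On a real server, pass the contents of /var/log/messages or the FTP log in place of `SAMPLE_LOG`; the source address on the matching lines shows which session wrote the file.
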
nixtree123
Junior Member
Posts: 4
Joined: 20 Aug 2016, 13:27

Re: Suspicious File Alert

Post by nixtree123 »

How to completely disable the suspicious file alert from lfd?
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14

Re: Suspicious File Alert

Post by Black Tiger »

You have to bump a 5 year old question for that?
Should have created a new thread for it.

Next to that, it's easy to find if you read the config file. I would advise against it, but it can be done by setting these settings like this:
PT_LIMIT = "0"
PT_DELETED = "1"

Don't forget to restart csf and lfd after making these changes.