Hello,
we have a lot of this kind of email from firewall,
can you help us to do something?
-----Original Message-----
From: root@server8
[mailto:root@server8]
Sent: Tuesday, January 15, 2013 9:33 AM
To: firewa
Subject: lfd on server8: Suspicious File Alert
Time: Tue Jan 15 09:32:44 2013 +0200
File: /tmp/sh.php
Reason: Script, file extension
Owner: catalog:catalog (1546:1539)
Action: Moved into /etc/csf/suspicious.tar
Suspicious File Alert
-
Black Tiger
- Junior Member
- Posts: 73
- Joined: 17 Feb 2009, 14:14
- Contact:
Re: Suspicious File Alert
You should check your log files where it's coming from.
Check /var/log/messages, ftp logs. Somewhere this sh.php must turn up where it's coming from.
Could be a hackers script.
I presume you already used the /scripts/securetmp script from Cpanel? Or don't you use Cpanel?
Check /var/log/messages, ftp logs. Somewhere this sh.php must turn up where it's coming from.
Could be a hackers script.
I presume you already used the /scripts/securetmp script from Cpanel? Or don't you use Cpanel?
-
nixtree123
- Junior Member
- Posts: 4
- Joined: 20 Aug 2016, 13:27
Re: Suspicious File Alert
How to completely disable suspicious file alert from lfd ?
-
Black Tiger
- Junior Member
- Posts: 73
- Joined: 17 Feb 2009, 14:14
- Contact:
Re: Suspicious File Alert
You have to bump a 5 year old question for that?
Should have created a new thread for it.
Next to that, it's easy to find if you read the config file. I would advise against it, but it can be done by setting these settings like this:
PT_LIMIT = "0"
PT_DELETED = "1"
Don't forget to restart csf and lfd after making these changes.
Should have created a new thread for it.
Next to that, it's easy to find if you read the config file. I would advise against it, but it can be done by setting these settings like this:
PT_LIMIT = "0"
PT_DELETED = "1"
Don't forget to restart csf and lfd after making these changes.