I can't figure out how to ignore this folder which is in the server tmp folder. This is a wordpress plugin called zip recipes. It generates these cache files constantly, so I get an email every few minutes. Here is what I tried below. Any ideas on what I am doing wrong?
lfd Suspicious File Alert
Time: Tue Sep 10 11:00:43 2019 -0400
File: /tmp/zip-recipes/cache/ed/ed7695e8da10923427cd3a71560a65ea51ca83eed3d41f4580d3e00a1bda65d2.php
Reason: Script, file extension
Owner: websitecom:websitecom (609:608)
Action: No action taken
Tried the following:
1. edited: /etc/csf/csf.signore
/tmp/zip-recipes/*
/tmp/zip-recipes/cache/*
/tmp/zip-recipes/cache/*/
2. edited: /etc/csf/csf.fignore
/tmp/zip-recipes/
/tmp/zip-recipes/cache/
3. edited: /etc/csf/csf.pignore
exe:/tmp/zip-recipes
exe:/tmp/zip-recipes/.*
exe:/tmp/zip-recipes/.*/.*
Can't stop script alert even after whitelisting folder
-
BallyBasic79
- Junior Member
- Posts: 80
- Joined: 22 Aug 2019, 21:43
Re: Can't stop script alert even after whitelisting folder
In csf.fignore, does this work?
/tmp/zip-recipes/cache/ed/.*\.php
/tmp/zip-recipes/cache/ed/.*\.php
Re: Can't stop script alert even after whitelisting folder
Thanks for our input, I really appreciate it. This has been bugging me for a while.
The "ed" portion changes as well as the php file. So I just changed it to this:
/tmp/zip-recipes/cache/.*/.*\.php
I will see how this works!
The "ed" portion changes as well as the php file. So I just changed it to this:
/tmp/zip-recipes/cache/.*/.*\.php
I will see how this works!