I am seeing this on one of our installs:
Web upload script path : /home/csf/public_html/wp-content
Web upload script URL : http://thedomain.com/wp-content/plugins ... rocess.php
Remote IP : 111.111.111.111
Deleted : No
Quarantined : Yes [/home/cxs/cxscgi/20190902-111450-XW1cGlR8iXLSCGA1s5JanQAAARM-file-DH3JX9.1567448091_1]
NOTE: [/home/csf/public_html/wp-content] does not exist on this server. However, ModSecurity is still triggering cxs to scan the attempted uploading of potentially malicious data
What is causing csf to populate instead of the username of the account?