A week ago I received an email saying:
Time: Wed May 15 19:08:50 2024 -0400
File: /tmp/alfacgiapi/getheader.alfa
Reason: Script, starts with #!
Owner: fromhigher:fromhigher (1013:1014)
Action: No action taken
I went in and found that the site was hacked, deleted everything, restored and patched from a clean backup. Also emptied the trash on that account. However, I keep getting this same email a couple of times each day even though I can verify that the file no longer exists at that location. Any idea what is going on?
getting repeated suspicious file emails even though file was removed
Re: getting repeated suspicious file emails even though file was removed
Do you have ImunifyAV installed in your server?
If you don't, I recommend you to install it and run an scan.
ImunifyAV has two versions, you can use the free one to check your server, that will show you if there is bad code in your server.
If ImunifyAV encounters a file with bad code, you can use ConfigServer CXS to create an MD5SUM of the file and add it to your CXS bad list.
Sergio
If you don't, I recommend you to install it and run an scan.
ImunifyAV has two versions, you can use the free one to check your server, that will show you if there is bad code in your server.
If ImunifyAV encounters a file with bad code, you can use ConfigServer CXS to create an MD5SUM of the file and add it to your CXS bad list.
Sergio