
Suspicious File Alert

Posted: 16 Jan 2013, 13:25
by florin
Hello,
we get a lot of this kind of email from the firewall.
Can you help us do something?


-----Original Message-----
From: root@server8 [mailto:root@server8]
Sent: Tuesday, January 15, 2013 9:33 AM
To: firewa
Subject: lfd on server8: Suspicious File Alert

Time: Tue Jan 15 09:32:44 2013 +0200
File: /tmp/sh.php
Reason: Script, file extension
Owner: catalog:catalog (1546:1539)
Action: Moved into /etc/csf/suspicious.tar

Re: Suspicious File Alert

Posted: 18 Jan 2013, 15:06
by Black Tiger
You should check your log files to see where it's coming from.
Check /var/log/messages and the ftp logs. Somewhere this sh.php must turn up, showing where it's coming from.
Could be a hacker's script.

I presume you already used the /scripts/securetmp script from cPanel? Or don't you use cPanel?
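
Added example (not part of the original posts): one way to follow the log-checking advice above is to parse the lfd alert and list the web requests that wrote to the site shortly before the file was flagged. The access-log lines, IP addresses, request paths and the 10-minute window are constructed assumptions; on a real server the input would be the web access log of the account named in the Owner field.

```python
import re
from datetime import datetime, timedelta

# Alert body as quoted in the first post.
ALERT = """Time: Tue Jan 15 09:32:44 2013 +0200
File: /tmp/sh.php
Reason: Script, file extension
Owner: catalog:catalog (1546:1539)
Action: Moved into /etc/csf/suspicious.tar"""

# Constructed combined-format access log lines (hypothetical paths, documentation IPs).
ACCESS_LOG = """198.51.100.7 - - [15/Jan/2013:09:10:02 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Jan/2013:09:32:41 +0200] "POST /images/upload.php HTTP/1.1" 200 312 "-" "curl/7.21"
203.0.113.9 - - [15/Jan/2013:09:32:43 +0200] "POST /images/upload.php HTTP/1.1" 200 298 "-" "curl/7.21"
198.51.100.7 - - [15/Jan/2013:09:40:15 +0200] "POST /contact.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def parse_alert(text):
    """Turn the 'Key: value' lines of an lfd alert into a dict."""
    fields = dict(line.split(": ", 1) for line in text.splitlines() if ": " in line)
    fields["when"] = datetime.strptime(fields["Time"], "%a %b %d %H:%M:%S %Y %z")
    fields["user"] = fields["Owner"].split(":", 1)[0]  # account that owns the file
    return fields


def requests_before(alert, log_text, window=timedelta(minutes=10), methods=("POST", "PUT")):
    """Return (ip, method, path, status) for write requests in `window` before the alert."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, stamp, method, path, status = m.groups()
        seen = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # The alert time is when lfd noticed the file, so only look backwards from it.
        if method in methods and timedelta(0) <= alert["when"] - seen <= window:
            hits.append((ip, method, path, int(status)))
    return hits


if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print(f"{alert['File']} owned by {alert['user']} flagged at {alert['when'].isoformat()}")
    for hit in requests_before(alert, ACCESS_LOG):
        print(*hit)
```

The requests it lists are candidates to review, not proof of the upload path; FTP and cron activity for the same account in the same window should be checked the same way.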

Re: Suspicious File Alert

Posted: 28 Mar 2018, 12:40
by nixtree123
How to completely disable the suspicious file alert from lfd?

Re: Suspicious File Alert

Posted: 28 Mar 2018, 14:09
by Black Tiger
You have to bump a 5-year-old question for that?
Should have created a new thread for it.

Next to that, it's easy to find if you read the config file. I would advise against it, but it can be done by setting these settings like this:
PT_LIMIT = "0"
PT_DELETED = "1"

Don't forget to restart csf and lfd after making these changes.