Author Topic: Suspicious File Alert mail every night  (Read 24444 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Suspicious File Alert mail every night
« on: October 08, 2015, 09:21:02 PM »
Hello.

Can someone tell me why I get those mails every night?

What can I do to prevent this, and is it something that I need to worry about?

Time:   Thu Oct  8 00:05:09 2015 +0000
File:   /tmp/apache-build/apr-1.5.1/configure
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:09 2015 +0000
File:   /tmp/apache-build/apr-1.5.1/buildconf
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:09 2015 +0000
File:   /tmp/apache-build/apr-1.5.1/apr-config.in
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/config/ltmain.sh
Reason: Script, file extension
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/config/install-sh
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/configure
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/config/config.sub
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/config/config.guess
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/config/depcomp
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Time:   Thu Oct  8 00:05:08 2015 +0000
File:   /tmp/apache-build/suphp-0.7.1/config/missing
Reason: Script, starts with #!
Owner:  : (1000:1000)
Action: No action taken

Regards
Thomas.

Offline
**
Re: Suspicious File Alert mail every night
« Reply #1 on: October 09, 2015, 06:28:37 AM »
Did you re compile Apache ?

Offline
*
Re: Suspicious File Alert mail every night
« Reply #2 on: October 11, 2015, 07:26:22 PM »
No. The crew here at CWP installed and compiled CentOS, and I have not recompiled it afterwords..

/Thomas.

Offline
*
Re: Suspicious File Alert mail every night
« Reply #3 on: October 13, 2015, 05:27:26 AM »
you can simply delete this files, but you should be careful with this command as you could end-up with your server deleted.
Code: [Select]
rm -Rf /tmp/apache-build/
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Suspicious File Alert mail every night
« Reply #4 on: January 20, 2016, 09:51:02 PM »
Will this work for php-build also in the tmp directory?

File:   /tmp/php-build/php-5.4.45/*

Offline
*
Re: Suspicious File Alert mail every night
« Reply #5 on: January 20, 2016, 11:14:52 PM »
yes
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Suspicious File Alert mail every night
« Reply #6 on: March 09, 2016, 08:19:47 AM »
File:   /tmp/apache-build/httpd-2.2.27/server/core.o
Reason: Linux Binary
Owner:  root:root (0:0)
Action: No action taken

i give this message every hour. how can i fix this ?

Offline
*
Re: Suspicious File Alert mail every night
« Reply #7 on: March 20, 2016, 02:02:07 PM »
Append at the end of /etc/csf/csf.fignore those 2 rows
Code: [Select]
/tmp/apache-build/.*
/tmp/php-build/.*
After that restart lfd and everything will be ok :) I prefer this approach will be better if is added as CWP CUSTOM rules as as the rows in /etc/csf/csf.pignore
« Last Edit: March 20, 2016, 02:05:58 PM by Neo2SHYAlien »
“Would you tell me, please, which way I ought to go from here?”
“That depends a good deal on where you want to get to,” said the Cat.
“I don’t much care where–” said Alice.
“Then it doesn’t matter which way you go,” said the Cat.
Neo2SHYAlien's Blog

Offline
*
Re: Suspicious File Alert mail every night
« Reply #8 on: March 24, 2016, 10:46:28 PM »
thank you for your support dude.
 ;)

Offline
*
Re: Suspicious File Alert mail every night
« Reply #9 on: March 26, 2016, 10:59:29 PM »
Append at the end of /etc/csf/csf.fignore those 2 rows
Code: [Select]
/tmp/apache-build/.*
/tmp/php-build/.*
After that restart lfd and everything will be ok :) I prefer this approach will be better if is added as CWP CUSTOM rules as as the rows in /etc/csf/csf.pignore

Can you just add these two lines as is to pignore or does it require a different format?

Offline
*
Re: Suspicious File Alert mail every night
« Reply #10 on: March 27, 2016, 04:38:39 AM »
Can you just add these two lines as is to pignore or does it require a different format?

You should add them to /etc/csf/csf.fignore not ot pignoner file. pigone is for process ignoring respectively fignore for file ignoring rules :)
“Would you tell me, please, which way I ought to go from here?”
“That depends a good deal on where you want to get to,” said the Cat.
“I don’t much care where–” said Alice.
“Then it doesn’t matter which way you go,” said the Cat.
Neo2SHYAlien's Blog