Suspicious File Alert

Hi,

my main version of the PHP is 7.2.5. With PHP SELECTOR  I installed PHP 7.1  and now I'm running both ...
I have received e-mail messages, all of them with the same subject - "lfd on myhosting.com: Suspicious File Alert", with the following content:

Time: Thu Jul 12 00:05:04 2018 +0300
File: /tmp/php-build/php-7.1.17/config.sub
Reason: Script, starts with #!
Owner: v:v (1000:1000)
Action: No action taken

This message with the same subject and content I received for the following files:
File: /tmp/php-build/php-7.1.17/config.sub
File: /tmp/php-build/php-7.1.17/run-tests.php
File: /tmp/php-build/php-7.1.17/snapshot
File: /tmp/php-build/php-7.1.17/ltmain.sh
File: /tmp/php-build/php-7.1.17/genfiles
File: /tmp/php-build/php-7.1.17/config.guess
File: /tmp/php-build/php-7.1.17/configure
File: /tmp/php-build/php-7.1.17/server-tests-config.php
File: /tmp/php-build/php-7.1.17/makedist
File: /tmp/php-build/php-7.1.17/server-tests.php

I also received a message with the same subject, but with a different content:

Time: Thu Jul 12 00:05:04 2018 +0300
File:
Reason:
Owner:
Action: Too many hits for *LF_DIRWATCH* - Directory Watching disabled

Pls for information about such a case and whether there is a danger?!?

What do I do?

Thanks in advance!

BR

Venty

Hi,

this is normal.
The php selector script activate to many changes in the tmp folder and creating these false positives.
CSF can give several false positives.
Like when you update your server you will receive a warning that several files has been changed.
You should only be worried when you receive this kind of warning while you were doing nothing to the server.

Check this post for the solution:- http://forum.centos-webpanel.com/apache/suspicious-file-alert-mail-every-night/

delete that folder

Code: [Select]

rm -rf /tmp/php-build
new cwp is cleaning this automatically so it will not occur again.