Author Topic: Suspicious File Alert  (Read 10914 times)

0 Members and 1 Guest are viewing this topic.

Offline
***
Suspicious File Alert
« on: July 12, 2018, 07:55:10 AM »
Hi,

my main version of the PHP is 7.2.5. With PHP SELECTOR  I installed PHP 7.1  and now I'm running both ...
I have received e-mail messages, all of them with the same subject - "lfd on myhosting.com: Suspicious File Alert", with the following content:

Time: Thu Jul 12 00:05:04 2018 +0300
File: /tmp/php-build/php-7.1.17/config.sub
Reason: Script, starts with #!
Owner: v:v (1000:1000)
Action: No action taken

This message with the same subject and content I received for the following files:
File: /tmp/php-build/php-7.1.17/config.sub
File: /tmp/php-build/php-7.1.17/run-tests.php
File: /tmp/php-build/php-7.1.17/snapshot
File: /tmp/php-build/php-7.1.17/ltmain.sh
File: /tmp/php-build/php-7.1.17/genfiles
File: /tmp/php-build/php-7.1.17/config.guess
File: /tmp/php-build/php-7.1.17/configure
File: /tmp/php-build/php-7.1.17/server-tests-config.php
File: /tmp/php-build/php-7.1.17/makedist
File: /tmp/php-build/php-7.1.17/server-tests.php

I also received a message with the same subject, but with a different content:

Time: Thu Jul 12 00:05:04 2018 +0300
File:
Reason:
Owner:
Action: Too many hits for *LF_DIRWATCH* - Directory Watching disabled

Pls for information about such a case and whether there is a danger?!?

What do I do?

Thanks in advance!

BR

Venty

Offline
*
Re: Suspicious File Alert
« Reply #1 on: July 12, 2018, 08:58:58 AM »
Hi,

this is normal.
The php selector script activate to many changes in the tmp folder and creating these false positives.
CSF can give several false positives.
Like when you update your server you will receive a warning that several files has been changed.
You should only be worried when you receive this kind of warning while you were doing nothing to the server.

Offline
**
Re: Suspicious File Alert
« Reply #2 on: July 13, 2018, 07:36:36 AM »
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!

Offline
*
Re: Suspicious File Alert
« Reply #3 on: July 13, 2018, 01:25:20 PM »
delete that folder
Code: [Select]
rm -rf /tmp/php-build
new cwp is cleaning this automatically so it will not occur again.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.