Control Web Panel

WebPanel => PHP Selector => Topic started by: venty on July 12, 2018, 07:55:10 AM

Title: Suspicious File Alert
Post by: venty on July 12, 2018, 07:55:10 AM
Hi,

My main PHP version is 7.2.5. With PHP Selector I installed PHP 7.1, and now I'm running both ...
I have received e-mail messages, all of them with the same subject - "lfd on myhosting.com: Suspicious File Alert", with the following content:

Time: Thu Jul 12 00:05:04 2018 +0300
File: /tmp/php-build/php-7.1.17/config.sub
Reason: Script, starts with #!
Owner: v:v (1000:1000)
Action: No action taken

I received this message, with the same subject and content, for the following files:
File: /tmp/php-build/php-7.1.17/config.sub
File: /tmp/php-build/php-7.1.17/run-tests.php
File: /tmp/php-build/php-7.1.17/snapshot
File: /tmp/php-build/php-7.1.17/ltmain.sh
File: /tmp/php-build/php-7.1.17/genfiles
File: /tmp/php-build/php-7.1.17/config.guess
File: /tmp/php-build/php-7.1.17/configure
File: /tmp/php-build/php-7.1.17/server-tests-config.php
File: /tmp/php-build/php-7.1.17/makedist
File: /tmp/php-build/php-7.1.17/server-tests.php

I also received a message with the same subject, but with different content:

Time: Thu Jul 12 00:05:04 2018 +0300
File:
Reason:
Owner:
Action: Too many hits for *LF_DIRWATCH* - Directory Watching disabled

Please give me information about such a case and whether there is a danger?!?

What do I do?

Thanks in advance!

BR

Venty
Title: Re: Suspicious File Alert
Post by: belrpr on July 12, 2018, 08:58:58 AM
Hi,

this is normal.
The PHP selector script triggers too many changes in the tmp folder, creating these false positives.
CSF can give several false positives.
For example, when you update your server you will receive a warning that several files have been changed.
You should only be worried when you receive this kind of warning while you were doing nothing to the server.
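
The triage described above, as an added example that is not part of the original posts: it parses alert bodies in the format quoted in this thread and separates files under a known build directory from everything else. `SAMPLE` is constructed (the second path is made up), and `EXPECTED_DIRS` and the verdict labels are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: alert bodies in the format quoted in this thread.
# The second path is made up to show an alert outside the build tree.
SAMPLE = """\
Time: Thu Jul 12 00:05:04 2018 +0300
File: /tmp/php-build/php-7.1.17/config.sub
Reason: Script, starts with #!
Owner: v:v (1000:1000)
Action: No action taken

Time: Thu Jul 12 00:05:04 2018 +0300
File: /tmp/example-upload.sh
Reason: Script, starts with #!
Owner: v:v (1000:1000)
Action: No action taken

Time: Thu Jul 12 00:05:04 2018 +0300
File:
Reason:
Owner:
Action: Too many hits for *LF_DIRWATCH* - Directory Watching disabled
"""

# Assumption: directories where an admin-initiated build drops scripts.
EXPECTED_DIRS = [PurePosixPath("/tmp/php-build")]

def parse_alerts(text):
    """Split on blank lines; one dict of lowercased field -> value per alert."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon only
            fields[key.strip().lower()] = value.strip()
        alerts.append(fields)
    return alerts

def triage(alert):
    """Return 'watch-disabled', 'expected-build' or 'review' for one alert."""
    if "Directory Watching disabled" in alert.get("action", ""):
        return "watch-disabled"  # lfd says it turned directory watching off
    path = PurePosixPath(alert.get("file", ""))
    if not alert.get("file") or ".." in path.parts:
        return "review"  # empty path or traversal: never auto-accept
    if any(d in path.parents for d in EXPECTED_DIRS):
        return "expected-build"
    return "review"
```

A path match only says the alert is consistent with a build you started; it does not vouch for the file's content, since `/tmp` is writable by other users.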
Title: Re: Suspicious File Alert
Post by: 24x7servermanagement on July 13, 2018, 07:36:36 AM
Check this post for the solution: http://forum.centos-webpanel.com/apache/suspicious-file-alert-mail-every-night/
Title: Re: Suspicious File Alert
Post by: studio4host on July 13, 2018, 01:25:20 PM
Delete that folder:
Code:
rm -rf /tmp/php-build
The new CWP cleans this up automatically, so it will not occur again.