Suspicious File Alert

Discussion in 'General' started by pooyan, May 30, 2013.

  1. pooyan

    pooyan New Member

    Dear Team,
    Please help me: how can I fix this problem?

    CentOS 6
    cPanel
    LSWS final version

    Time: Thu May 30 20:30:12 2013 +0430
    File: /tmp/phpDHsp29
    Reason: Script, starts with #!
    Owner: account_user_name:account_user_name (538:535)
    Action: Moved into /etc/csf/suspicious.tar
  2. webizen

    webizen New Member

    This alert is from LFD (part of CSF). It means the account_user_name (538:535) runs a suspicious PHP script that is caught by LFD. You need to verify if the script indeed has any issue and deal with it (remove or something else). This has nothing to do with LSWS.
  3. pooyan

    pooyan New Member

    We believe this is a conflict between LSWS and maybe mod_sec or CSF, because when we switch to Apache we will not receive this warning again!
    We've already told you and told you it is time to upgrade LSWS.
  4. pooyan

    pooyan New Member

    After upgrading LSWS to 4.2.3, the problem is fixed!
  5. pooyan

    pooyan New Member

    The problem is not fixed.
    Please tell me the solution.
  6. pooyan

    pooyan New Member

  7. webizen

    webizen New Member

    See if you can extract the file in question (i.e., /tmp/phpDHsp29) from the tar file and check what's in it.
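
The extraction suggested in the last reply, as an added example that is not part of the original thread or of CSF/LFD: a POSIX shell function that copies the quarantined file out of the archive into a scratch directory and reports its first line, size and hash without running it. The function name, the output format and the way the archive member is matched are assumptions.

```shell
#!/bin/sh
# Added example: pull one file out of the LFD quarantine archive for review.
# Usage: inspect_quarantined /etc/csf/suspicious.tar /tmp/phpDHsp29
# The function name and output format are hypothetical, not part of CSF/LFD.
inspect_quarantined() {
    archive=$1
    base=$(basename "$2")

    # Assumption: the stored member name may or may not keep the leading "/",
    # so match on the final path component instead of the full path.
    member=$(tar -tf "$archive" | awk -F/ -v b="$base" '$NF == b { print; exit }')
    if [ -z "$member" ]; then
        echo "not found in $archive: $base" >&2
        return 1
    fi

    # Private scratch directory; -O streams the member to stdout, so nothing is
    # written back to its original path and no execute bit is restored.
    scratch=$(mktemp -d) || return 1
    tar -xOf "$archive" "$member" > "$scratch/sample" || return 1
    chmod 600 "$scratch/sample"

    first=$(head -n 1 "$scratch/sample")
    case $first in
        '#!'*) echo "shebang: $first" ;;  # matches the alert reason "Script, starts with #!"
        *)     echo "shebang: none" ;;
    esac
    echo "bytes: $(wc -c < "$scratch/sample" | tr -d ' ')"
    echo "sha256: $(sha256sum "$scratch/sample" | cut -d' ' -f1)"
    echo "saved: $scratch/sample"
}
```

The interpreter named on the shebang line and the hash give a starting point for deciding whether the file is a legitimate upload or something to remove from the account.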
