"Suspicious File Alert" notification email

[ForexTalk11]

I got a lot of emails:
---------------------------------------------
File: /tmp/lshttpd/bak_core/core.9609
Reason: Linux Binary
Owner: nobody:nobody (99:99)
Action: No action taken

And also a lof of email such as:
---------------------------------------------
PID: 9611 (Parent PID:9603)
Account: nobody
Uptime: 60923 seconds


Executable:

/usr/local/lsws/bin/lshttpd.5.2.1


Command Line (often faked in exploits):

litespeed (lshttpd)
---

Is that a bug please?

Thanks.

 

[Jon K]

please try the following to see if the messages stop.
/usr/local/lsws/admin/misc/lsup.sh -d -f -v 5.2.1

 

[ForexTalk11]

It's not stop but sent more often, now I get 1 email each 5 mins. Any fix please?
Thanks.

 

[NiteWave]

you need empty /tmp/lshttpd/bak_core/ first.
otherwise it'll keep sending emails.
if no new file create in /tmp/lshttpd/bak_core/, then the issue fixed.
otherwise, please log a ticket to better trace it until it's resolved.

 

[ForexTalk11]

How to empty /tmp/lshttpd/bak_core/ please?
I purchase LiteSpeed via liquidweb so I don't get any login info!

 

[NiteWave]

How to empty /tmp/lshttpd/bak_core/ please?

#rm -rf /tmp/lshttpd/bak_core/*

 

[ForexTalk11]

Still the same, after a days there have 80 new emails. Any way to fix this please?

 

[Jon K]

We released build 4 of 5.2.1 yesterday, please try upgrading to that
/usr/local/lsws/admin/misc/lsup.sh -f -v 5.2.1

If it does not help please submit a ticket from the following link: https://store.litespeedtech.com/store/submitticket.php?step=2&deptid=4

 

[JoseDieguez]

that's LFD notification.. from CSF plugin on your install.

you need to delete that file, and if it gets recreated frequently, contact LS Support.

 

[ForexTalk11]

How to delete that file please?

 

[NiteWave]

How to delete that file please?

#rm -rf /tmp/lshttpd/bak_core/*

 

[jmginer]

Can you give a more detailed explanation of what the files generated in /tmp/lshttpd/bak_core/ are?

 

[Pong]

core files for bug reporting. upgrade to latest version and latest build normally fix the issue. If not, our developer can login and check the issue.

https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:bug-reporting