Suspicious File Alert

Discussion in 'General' started by pooyan, May 30, 2013.

  1. pooyan

    pooyan Well-Known Member

    Dear Team,
    Please help me, how can I fix this problem?

    Centos 6
    cPanel
    LSWS final version

    Time: Thu May 30 20:30:12 2013 +0430
    File: /tmp/phpDHsp29
    Reason: Script, starts with #!
    Owner: account_user_name:account_user_name (538:535)
    Action: Moved into /etc/csf/suspicious.tar
     
  2. webizen

    webizen Well-Known Member

    This alert is from LFD (part of CSF). It means the account_user_name (538:535) runs a suspicious PHP script that is caught by LFD. You need to verify if the script indeed has any issue and deal with it (remove it or something else). This has nothing to do with LSWS.
     
  3. pooyan

    pooyan Well-Known Member

    We believe this is a conflict between lsws and maybe mod_sec or CSF, because when we switch to Apache we do not receive this warning again!
    We've already told you and told you it is time to upgrade lsws.
     
  4. pooyan

    pooyan Well-Known Member

    After upgrading lsws to 4.2.3, the problem is fixed!
     
  5. pooyan

    pooyan Well-Known Member

    The problem is not fixed.
    Please tell me the solution.
     
  6. pooyan

    pooyan Well-Known Member

  7. webizen

    webizen Well-Known Member

    See if you can extract the file in question (i.e., /tmp/phpDHsp29) from the tar file and check what's in it.
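
Added example, not part of any post in this thread: one way to do what the last reply suggests, reading the quarantined file out of /etc/csf/suspicious.tar without writing it back to disk or running it. The function names are hypothetical, and it assumes the file is stored in the tar under its original base name (phpDHsp29).

```bash
# Added example (hypothetical helper names). Nothing is written to disk:
# "tar -xO" streams the member to stdout, so the script is never restored.

# find_member ARCHIVE NAME -> member paths in ARCHIVE whose base name is NAME
find_member() {
    tar -tf "$1" | awk -F/ -v n="$2" '$NF == n'
}

# first_line ARCHIVE MEMBER -> first line of the member, i.e. the "#!" line
# that triggered the "Script, starts with #!" reason in the alert
first_line() {
    tar -xOf "$1" "$2" | head -n 1
}

# member_sha256 ARCHIVE MEMBER -> SHA-256 of the member's content
member_sha256() {
    tar -xOf "$1" "$2" | sha256sum | cut -d' ' -f1
}

# inspect ARCHIVE NAME -> short summary for every matching member
inspect() {
    find_member "$1" "$2" | while IFS= read -r m; do
        printf 'member:  %s\n' "$m"
        printf 'shebang: %s\n' "$(first_line "$1" "$m")"
        printf 'sha256:  %s\n' "$(member_sha256 "$1" "$m")"
        printf 'size:    %s bytes\n' "$(tar -xOf "$1" "$m" | wc -c)"
    done
}

# On the server from this thread (as root, paths taken from the alert):
#   inspect /etc/csf/suspicious.tar phpDHsp29
# To read the whole script in a pager, still without extracting it to disk:
#   tar -xOf /etc/csf/suspicious.tar "$(find_member /etc/csf/suspicious.tar phpDHsp29)" | less
```

The interpreter named on the shebang line and the owner from the alert (538:535) tell you which account's site or cron job to review next.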
     
