Hi Guys,
We are getting alot of these errors:
Executable:
/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs
Command Line (often faked in exploits):
lsphp:/home/[user]/public_html/wp-cron.php
They are very much a false-positive, since wp-cron.php i normal script in all WP installations.
So how do we whitelist this cmd?
I have tried adding this in /etc/csf/csf.pignore:
We have also tried:
But it does not seem to have an effect.
Any ideas?
We are getting alot of these errors:
Executable:
/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs
Command Line (often faked in exploits):
lsphp:/home/[user]/public_html/wp-cron.php
They are very much a false-positive, since wp-cron.php i normal script in all WP installations.
So how do we whitelist this cmd?
I have tried adding this in /etc/csf/csf.pignore:
Code:
pcmd:lsphp:/home/*/public_html/wp-cron.php
pcmd:lsphp:/home/*/public_html/*/wp-cron.php
pcmd:lsphp:/home/*/*/wp-cron.php
Code:
pcmd:/usr/bin/php /home/*/public_html/wp-cron.php
pcmd:/usr/bin/php /home/*/public_html/*/wp-cron.php
pcmd:/usr/bin/php /home/*/*/wp-cron.php
Any ideas?