zoltangal

Registered
Dec 6, 2013
3
0
1
cPanel Access Level
Root Administrator
I came across a very strange problem. We installed a concrete5 CMS website on a cPAnel server. Twice a day this core file: concrete/src/validation/SanitizeService.php becames SanitizeService.php.suspected! Somehow it renames the extension to .php.suspected. Anybody have any idea why this is happening?

Thank You.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
Hello,

Does anyone else have root access to your server? Do you have any third-party applications that automatically scan and disable files with potential vulnerabilities?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
There are no features in cPanel/WHM that will scan for files and rename them. This suggests it's happening manually or through a third-party application. You may want to consult with everyone who has root access to verify it's not changed manually.

Thank you.
 
  • Like
Reactions: quizknows

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I do not know of any security programs that do this. I have seen technicians at some hosting companies do it, but it is bad practice, since unknown file extensions may display as plain text if file permissions are not set to prevent it.