suspicious file warning on smarty compile files

[durangod]

Im curious why my tpl files are considered suspicous, they are just smarty cach compiled files, pretty normal now days and nothing wrong with the files.

they are being stored in a folder called tmp/

Time: Wed Jan 14 22:28:45 2015 -0700
File: /tmp/%%0E^0E4^0E407559%%footer.tpl.php
Reason: Script, file extension
Owner: xxxx:xxxx (512:524)
Action: No action taken

 

[durangod]

well thats kind of strange, just as a thought i changed the script config to use a dif name temp_c for the folder and created the folder and now its been a few min since i created the tpl files and no email.... could it be the system does not like tmp folder name other than the one above public_html?

Strange, if i get the messages again i will be back, but any thoughts from anyone... thanks

UPDATE: nope i was wrong i guess it just took awhile to send the email, i got a bunch more of them.. suspicious file warning..

Any ideas what i might attempt here... thanks

 

[Infopro]

That email is from CSF. No clue why it would be flagging your files unless there's something in those tpl files CSF doesn't like.

You might ask over on the CSF forums about this.

 

[durangod]

way ahead of you, i have been searching over there for a bit now, support is tough sometimes over there but im sure ill find something. I did find where it says that this might help... /scripts/securetmp from cPanel... first i have heard of it.

 

[durangod]

no thats not what i need, i dont think this has anything to do with my var/tmp but rather my log files lfd needs to be set to ignore them.

 

[Infopro]

That won't be of any use to you for your tpl files. I'm assuming these file are a part of your WHMCS installation? If yes, your WHMCS tpl files are in the users' account file system. The securetmp script is for the servers file system.

Whatever you're adding to the site thats new, remove it, clear your temp_c directory and load up the site again. Does CSF continue to flag it? I think thats where your issues are at.

Many, many of us uses CSF and WHMCS and don't have this problem.

 

[durangod]

no its not whmcs its another script that im writing, actually thinking about that var tmp dir got me thinking, and so i checked the tpl.php error file names against the current file tpl.php files and they are dif... So i think i know how this happened or why but now i need to figure out how to fix it.

What happened was when i was originally writing the code today to store the tpl.php files i put /tmp instead of tmp/ (or the other way around) i caught it when i got the error in my php error log. But i think what happened is that it saved a few tpl.php files in the root tmp folder and every time lfd runs it sees them and tosses the warning.

i think thats why i get so many emails when im not doing anything or loading pages, because the files are still there and need to be removed.

So now, how do i remove them from the root tmp folder... im assuming putty var/tmp dir but im not sure... but im pretty sure thats the issue.

 

[durangod]

yep just looked at the var/tmp folder and there they are. so can i clear that whole folder with one command, and should it, or should i del one file at a time?

 

[Infopro]

You need to be careful when clearing the tmp directory, it contains mysql.sock. Delete that and your sites stop working. Do yo uhave ConfigServer Explorer installed? If not you should. Very helpful tool to have. For example without even logging into SSH you could, right from CSE while in tmp, do this:
rm -rf /tmp/*.tpl.php

That will clear all those files created by your script.
(you need to be very careful when running that command, and make sure you're in the actual directory.)

...to store the tpl.php files i put /tmp instead of tmp/...

There's your issue. I'm sure of it. Just as WHMCS writes to its own tmp directory on the users account as you know, so should your new script. Fix that, solve the problem.

GL!

 

[durangod]

yep that was it i just did a rm *.tpl.php in putty and it let me do one at a time and reply Y to each and they are gone...

thanks

i have changed my script save folder to its own unique name as well to keep this from happening again, especially with any clients of mine...