The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

suspicious file warning on smarty compile files

Discussion in 'Security' started by durangod, Jan 14, 2015.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Im curious why my tpl files are considered suspicous, they are just smarty cach compiled files, pretty normal now days and nothing wrong with the files.

    they are being stored in a folder called tmp/

     
  2. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    well thats kind of strange, just as a thought i changed the script config to use a dif name temp_c for the folder and created the folder and now its been a few min since i created the tpl files and no email.... could it be the system does not like tmp folder name other than the one above public_html?

    Strange, if i get the messages again i will be back, but any thoughts from anyone... thanks :)

    UPDATE: nope i was wrong i guess it just took awhile to send the email, i got a bunch more of them.. suspicious file warning..

    Any ideas what i might attempt here... thanks
     
    #2 durangod, Jan 15, 2015
    Last edited: Jan 15, 2015
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That email is from CSF. No clue why it would be flagging your files unless there's something in those tpl files CSF doesn't like.

    You might ask over on the CSF forums about this.
     
  4. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    way ahead of you, i have been searching over there for a bit now, support is tough sometimes over there but im sure ill find something. I did find where it says that this might help... /scripts/securetmp from cPanel... first i have heard of it.
     
  5. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    no thats not what i need, i dont think this has anything to do with my var/tmp but rather my log files lfd needs to be set to ignore them.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That won't be of any use to you for your tpl files. I'm assuming these file are a part of your WHMCS installation? If yes, your WHMCS tpl files are in the users' account file system. The securetmp script is for the servers file system.

    Whatever you're adding to the site thats new, remove it, clear your temp_c directory and load up the site again. Does CSF continue to flag it? I think thats where your issues are at.

    Many, many of us uses CSF and WHMCS and don't have this problem.
     
  7. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    no its not whmcs its another script that im writing, actually thinking about that var tmp dir got me thinking, and so i checked the tpl.php error file names against the current file tpl.php files and they are dif... So i think i know how this happened or why but now i need to figure out how to fix it.

    What happened was when i was originally writing the code today to store the tpl.php files i put /tmp instead of tmp/ (or the other way around) i caught it when i got the error in my php error log. But i think what happened is that it saved a few tpl.php files in the root tmp folder and every time lfd runs it sees them and tosses the warning.

    i think thats why i get so many emails when im not doing anything or loading pages, because the files are still there and need to be removed.

    So now, how do i remove them from the root tmp folder... im assuming putty var/tmp dir but im not sure... but im pretty sure thats the issue.
     
  8. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    yep just looked at the var/tmp folder and there they are. so can i clear that whole folder with one command, and should it, or should i del one file at a time?
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You need to be careful when clearing the tmp directory, it contains mysql.sock. Delete that and your sites stop working. Do yo uhave ConfigServer Explorer installed? If not you should. Very helpful tool to have. For example without even logging into SSH you could, right from CSE while in tmp, do this:
    rm -rf /tmp/*.tpl.php

    That will clear all those files created by your script.
    (you need to be very careful when running that command, and make sure you're in the actual directory.)

    There's your issue. I'm sure of it. Just as WHMCS writes to its own tmp directory on the users account as you know, so should your new script. Fix that, solve the problem.

    GL!
     
  10. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    yep that was it i just did a rm *.tpl.php in putty and it let me do one at a time and reply Y to each and they are gone...

    thanks

    i have changed my script save folder to its own unique name as well to keep this from happening again, especially with any clients of mine...
     
Loading...

Share This Page