/tmp directory lfd emails

Discussion in 'Security' started by salvatore333, Nov 9, 2010.

  1. salvatore333

    salvatore333 Well-Known Member

    I keep getting a lot of the below emails (suspicious file alert from lfd) every time this customer updates their Joomla. I have secured the /tmp directory long ago per below. Should I be concerned about this and what action should I take?

    I have googled everything, thanks so much

    Time: Tue Nov 9 00:05:04 2010 -0500
    File: /tmp/install_4cd8064875***/CustoMenu-v2.5.3/installer.php
    Reason: Script, file extension
    Owner: plumm***:plumm*** (566:563)
    Action: No action taken
    ----------------------------------------------
    I have already secured below:
    /var/tmp is mounted noexec,nosuid
    /var/tmp is mounted as a filesystem
    Suhosin for PHP enabled in apache.
    Mod Security enabled in apache.
    ---------------------------------------------

    This is what's in my /tmp directory on the server:

    aquota.user
    ArticlesAnywhere-v1.4.4.zip
    .cpanel_easy-.MvwOeCDIqxU6QU3v
    .cpanel_easy-.MvwOeCDIqxU6QU3v.had_error
    CustoMenu-v2.5.3.zip
    eaccelerator/
    .ftpquota
    .ICE-unix/
    install_4cd8061e2a6fe/
    install_4cd80648754d5/
    lost+found/
    mm.sem.zg4eXB
    mysql.sock@
    pear/
    .spamassassin20015FRkcDtmp
    .spamassassin2001EEmlbXtmp
    spamd-24132-init/

    and hundreds of the below files:
    sess_ffe8498fa9503ceed35712317c8f0c34


    thanks again for any help
     
  2. smoge

    smoge Well-Known Member

    Any false-positives can be added to /etc/csf/csf.fignore and lfd will then
    ignore those listed files and directories.

    Within csf.fignore is a list of files that lfd directory watching will ignore.
    You must specify the full path to the file.

    You can also use perl regular expression pattern matching, for example:
    /tmp/clamav.*
    /tmp/.*\.wrk

    Remember that you will need to escape special characters (precede them with a
    backslash) such as \. \?

    Pattern matching will only occur with strings containing an asterisk (*),
    otherwise full file path matching will be applied.
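
An added example, not part of either post and not lfd's own code: a Python sketch of the matching rule described in the reply above, for checking which paths a proposed csf.fignore entry would silence before adding it. The sample paths and entries are constructed; anchoring a pattern to the whole path, treating `#` lines as comments, and using Python's `re` in place of Perl regular expressions are assumptions.

```python
import re

def load_fignore(text):
    """Split csf.fignore-style text into exact paths and regex entries."""
    exact, patterns = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        if "*" in line:
            # Per the reply: only entries containing '*' are pattern-matched.
            patterns.append(re.compile(line))
        else:
            # Everything else is compared as a literal full path,
            # even if it contains other regex metacharacters.
            exact.add(line)
    return exact, patterns

def is_ignored(path, rules):
    exact, patterns = rules
    # Assumption: a pattern must match the whole path, not a substring.
    return path in exact or any(p.fullmatch(path) for p in patterns)

def suppressed(paths, rules_text):
    """Return the subset of paths that the given entries would silence."""
    rules = load_fignore(rules_text)
    return [p for p in paths if is_ignored(p, rules)]

# Constructed sample paths (not taken from the thread's server).
INSTALLER = "/tmp/install_0123456789abc/ExampleExt-v1.0/installer.php"
SAMPLE_PATHS = [
    INSTALLER,
    "/tmp/install_0123456789abc/ExampleExt-v1.0/other.php",
    "/tmp/unrelated.php",
]

NARROW = r"/tmp/install_[0-9a-f]+/.*/installer\.php"  # scoped to one file name
BROAD = r"/tmp/.*"                                     # silences all of /tmp
NO_STAR = r"/tmp/install_.+"                           # no '*': literal, matches nothing here

if __name__ == "__main__":
    for name, entry in [("narrow", NARROW), ("broad", BROAD), ("no-star", NO_STAR)]:
        print(name, suppressed(SAMPLE_PATHS, entry))
```

The narrow entry silences only the installer alert, the broad one silences every alert under /tmp, and the entry without an asterisk is compared as a literal path and so ignores nothing.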
     