Non-Stop 'Suspicious File Alert'

jschmok
Junior Member
Posts: 3
Joined: 11 Nov 2018, 06:31

Post by jschmok »

Hi All,

I'm using CSF and LFD on one of my WHM servers and have been getting about 6 of these alerts every hour:

Time: Wed Nov 14 06:05:24 2018 -0400
File: /tmp/.xcloner-cc30b
Reason: Suspicious directory
Owner: : (538:538)
Action: No action taken

All 6 are always the same content with the exception of the 5 characters after .xcloner-

Anyone have any suggestions on how to stop these? The directory that LFD thinks is suspicious doesn't exist by the time I go to check it. Please help! I've got THOUSANDS of these emails!

Re: Non-Stop 'Suspicious File Alert'

Post by jschmok »

Is there a trend here? I just got another email (out of many thousands since then) with the exact same directory name:

Time: Mon Jan 7 15:06:00 2019 -0400
File: /tmp/.xcloner-cc30b
Reason: Suspicious directory
Owner: : (538:538)
Action: No action taken

Not sure if there is any relevance? Help? Anyone?