Page 1 of 1

Suspicious file alert for font caching files

Posted: 09 Jan 2019, 06:43
by Northfork
Hi -
I'm getting a Suspicious File Alert notice regarding certain dynamically generated cached font files (TTF) within a particular WordPress plugin. Here are a few notices:

Time: Sun Jan 6 00:05:05 2019 -0900
File: /tmp/gravitypdf-f9030c7ae762b0c8213685204124121f/mpdf/ttfontdata/dejavusanscondensed.mtx.php
Reason: Script, file extension
Owner: dxlkfhpl:dxlkfhpl (1014:1016)
Action: No action taken

Time: Sun Jan 6 00:05:05 2019 -0900
File: /tmp/gravitypdf-f9030c7ae762b0c8213685204124121f/mpdf/ttfontdata/dejavusanscondensed.GSUB.arab.URD .php

Reason: Script, file extension
Owner: dxlkfhpl:dxlkfhpl (1014:1016)
Action: No action taken

Time: Sun Jan 6 00:05:05 2019 -0900
File: /tmp/gravitypdf-f9030c7ae762b0c8213685204124121f/mpdf/ttfontdata/dejavusanscondensedB.GSUB.arab.DFLT.php

Reason: Script, file extension
Owner: dxlkfhpl:dxlkfhpl (1014:1016)
Action: No action taken

Time: Sun Jan 6 00:05:05 2019 -0900
File: /tmp/gravitypdf-f9030c7ae762b0c8213685204124121f/mpdf/ttfontdata/dejavusanscondensedB.GDEFdata.php

Reason: Script, file extension
Owner: dxlkfhpl:dxlkfhpl (1014:1016)
Action: No action taken


I'd like to ignore these - as I'm getting a lot of emails. Should I add this to csf.fignore? If so what would be the correct way to add the path?

Thanks in advance!