
Can't stop script alert even after whitelisting folder

Posted: 10 Sep 2019, 16:20
by server13
I can't figure out how to ignore this folder, which is in the server tmp folder. This is a WordPress plugin called Zip Recipes. It generates these cache files constantly, so I get an email every few minutes. Here is what I tried below. Any ideas on what I am doing wrong?

lfd Suspicious File Alert

Time: Tue Sep 10 11:00:43 2019 -0400
File: /tmp/zip-recipes/cache/ed/ed7695e8da10923427cd3a71560a65ea51ca83eed3d41f4580d3e00a1bda65d2.php
Reason: Script, file extension
Owner: websitecom:websitecom (609:608)
Action: No action taken

Tried the following:

1. edited: /etc/csf/csf.signore

/tmp/zip-recipes/*
/tmp/zip-recipes/cache/*
/tmp/zip-recipes/cache/*/

2. edited: /etc/csf/csf.fignore

/tmp/zip-recipes/
/tmp/zip-recipes/cache/

3. edited: /etc/csf/csf.pignore

exe:/tmp/zip-recipes
exe:/tmp/zip-recipes/.*
exe:/tmp/zip-recipes/.*/.*

Re: Can't stop script alert even after whitelisting folder

Posted: 12 Sep 2019, 02:24
by BallyBasic79
In csf.fignore, does this work?
/tmp/zip-recipes/cache/ed/.*\.php

Re: Can't stop script alert even after whitelisting folder

Posted: 12 Sep 2019, 17:02
by server13
Thanks for your input, I really appreciate it. This has been bugging me for a while.

The "ed" portion changes as well as the php file. So I just changed it to this:

/tmp/zip-recipes/cache/.*/.*\.php

I will see how this works!
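
Added example, not part of the thread and not lfd's own code: a small Python model of how the csf.fignore entries above would be evaluated against the alerted path. It assumes the rule described in the comments at the top of csf.fignore (an entry containing an asterisk is treated as a Perl regular expression, anything else is compared as a full file path) and assumes regex entries are anchored to the whole path; `fignore_matches`, the `TIGHT` entry and the sample paths other than the alerted file are constructed for illustration.

```python
import re

def fignore_matches(entry: str, path: str) -> bool:
    """Assumed lfd rule: '*' in the entry means anchored regex, else exact path."""
    if "*" in entry:
        return re.fullmatch(entry, path) is not None
    return entry == path

def ignored(entries, path):
    return any(fignore_matches(e, path) for e in entries)

# Path taken from the alert in the first post.
ALERT = ("/tmp/zip-recipes/cache/ed/"
         "ed7695e8da10923427cd3a71560a65ea51ca83eed3d41f4580d3e00a1bda65d2.php")
# Constructed paths: another cache file, and a PHP file the plugin would not create.
OTHER = "/tmp/zip-recipes/cache/a3/a3" + "0" * 62 + ".php"
UNEXPECTED = "/tmp/zip-recipes/cache/ed/unexpected.php"

# Entries from the thread.
ORIGINAL = ["/tmp/zip-recipes/", "/tmp/zip-recipes/cache/"]  # no '*': exact match only
SUGGESTED = r"/tmp/zip-recipes/cache/ed/.*\.php"             # BallyBasic79
FINAL = r"/tmp/zip-recipes/cache/.*/.*\.php"                 # server13
# Hypothetical tighter entry: hex-named files only. It uses '*' rather than
# '{64}' so the entry still contains an asterisk and is treated as a regex.
TIGHT = r"/tmp/zip-recipes/cache/[0-9a-f]{2}/[0-9a-f]*\.php"

def report():
    rows = []
    for name, entries in [("original", ORIGINAL), ("suggested", [SUGGESTED]),
                          ("final", [FINAL]), ("tight", [TIGHT])]:
        rows.append((name, ignored(entries, ALERT), ignored(entries, OTHER),
                     ignored(entries, UNEXPECTED)))
    return rows

if __name__ == "__main__":
    print(f"{'entry':10} {'alert':6} {'other':6} {'unexpected':10}")
    for name, a, o, u in report():
        print(f"{name:10} {a!s:6} {o!s:6} {u!s:10}")
```

Under these assumptions the directory-only entries never match a file, and the final pattern also silences any other `.php` file dropped under the cache directory, which the tighter entry does not.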