ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://forum.configserver.com/

Suspicious File Alert - how to remove file

https://forum.configserver.com/viewtopic.php?t=10585

Page 1 of 1

Suspicious File Alert - how to remove file

Posted: 17 Nov 2017, 17:13
by digitaliway
I get the below alert and I am used to getting these, but this one has been coming in 50 times a day for only one user/domain. How can i just remove this file or find out what is going on?

Time: Fri Nov 17 07:06:08 2017 -0500
File: /tmp/index.php
Reason: Script, file extension
Owner: usernamehere:usernamehere (1020:1022)
Action: No action taken

Re: Suspicious File Alert - how to remove file

Posted: 07 Dec 2017, 12:40
by digitaliway
I figured I would answer this myself since I found a solution and no one else replied.

SSH into your Linux server as root

#command to change to the temp directory
cd /tmp

#command to list the contents of the directory
ls

#command to remove the problem file which is in this case index.php
rm index.php

I can confirm that is has resolved my issue so maybe it will help others.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited