Can't stop script alert even after whitelisting folder

Post Reply
server13
Junior Member
Posts: 2
Joined: 10 Sep 2019, 16:12

Can't stop script alert even after whitelisting folder

Post by server13 »

I can't figure out how to ignore this folder which is in the server tmp folder. This is a wordpress plugin called zip recipes. It generates these cache files constantly, so I get an email every few minutes. Here is what I tried below. Any ideas on what I am doing wrong?

lfd Suspicious File Alert

Time: Tue Sep 10 11:00:43 2019 -0400
File: /tmp/zip-recipes/cache/ed/ed7695e8da10923427cd3a71560a65ea51ca83eed3d41f4580d3e00a1bda65d2.php
Reason: Script, file extension
Owner: websitecom:websitecom (609:608)
Action: No action taken

Tried the following:

1. edited: /etc/csf/csf.signore

/tmp/zip-recipes/*
/tmp/zip-recipes/cache/*
/tmp/zip-recipes/cache/*/

2. edited: /etc/csf/csf.fignore

/tmp/zip-recipes/
/tmp/zip-recipes/cache/

3. edited: /etc/csf/csf.pignore

exe:/tmp/zip-recipes
exe:/tmp/zip-recipes/.*
exe:/tmp/zip-recipes/.*/.*

BallyBasic79
Junior Member
Posts: 79
Joined: 22 Aug 2019, 21:43

Re: Can't stop script alert even after whitelisting folder

Post by BallyBasic79 »

In csf.fignore, does this work?
/tmp/zip-recipes/cache/ed/.*\.php

server13
Junior Member
Posts: 2
Joined: 10 Sep 2019, 16:12

Re: Can't stop script alert even after whitelisting folder

Post by server13 »

Thanks for our input, I really appreciate it. This has been bugging me for a while.

The "ed" portion changes as well as the php file. So I just changed it to this:

/tmp/zip-recipes/cache/.*/.*\.php

I will see how this works!

Post Reply