Can't stop script alert even after whitelisting folder

3 posts Page 1 of 1
server13
Junior Member
Posts: 2
Joined: 10 Sep 2019, 16:12


I can't figure out how to ignore this folder which is in the server tmp folder. This is a wordpress plugin called zip recipes. It generates these cache files constantly, so I get an email every few minutes. Here is what I tried below. Any ideas on what I am doing wrong?

lfd Suspicious File Alert

Time: Tue Sep 10 11:00:43 2019 -0400
File: /tmp/zip-recipes/cache/ed/ed7695e8da10923427cd3a71560a65ea51ca83eed3d41f4580d3e00a1bda65d2.php
Reason: Script, file extension
Owner: websitecom:websitecom (609:608)
Action: No action taken

Tried the following:

1. edited: /etc/csf/csf.signore

/tmp/zip-recipes/*
/tmp/zip-recipes/cache/*
/tmp/zip-recipes/cache/*/

2. edited: /etc/csf/csf.fignore

/tmp/zip-recipes/
/tmp/zip-recipes/cache/

3. edited: /etc/csf/csf.pignore

exe:/tmp/zip-recipes
exe:/tmp/zip-recipes/.*
exe:/tmp/zip-recipes/.*/.*
BallyBasic79
Junior Member
Posts: 24
Joined: 22 Aug 2019, 21:43


In csf.fignore, does this work?
/tmp/zip-recipes/cache/ed/.*\.php
server13
Junior Member
Posts: 2
Joined: 10 Sep 2019, 16:12


Thanks for our input, I really appreciate it. This has been bugging me for a while.

The "ed" portion changes as well as the php file. So I just changed it to this:

/tmp/zip-recipes/cache/.*/.*\.php

I will see how this works!
3 posts Page 1 of 1