Skip to main content

.php.suspected

Comments

5 comments

  • cPanelMichael
    Hello, Does anyone else have root access to your server? Do you have any third-party applications that automatically scan and disable files with potential vulnerabilities? Thank you.
    0
  • zoltangal
    Hi, Nobody else has root access except a few of my coworkers. ClamAV Scanner is active in cPanel.
    0
  • cPanelMichael
    There are no features in cPanel/WHM that will scan for files and rename them. This suggests it's happening manually or through a third-party application. You may want to consult with everyone who has root access to verify it's not changed manually. Thank you.
    0
  • quizknows
    I do not know of any security programs that do this. I have seen technicians at some hosting companies do it, but it is bad practice, since unknown file extensions may display as plain text if file permissions are not set to prevent it.
    0
  • quizknows
    After some more research on this, this is a wide-spread issue across hacked sites. Why hackers would re-name legitimate files to .php.suspected is beyond me but I have confirmed this is happening on hacked sites via requests to malicious files. See:
    0

Please sign in to leave a comment.