Suspicious file name alerts from CSF
Hi my friends
Help me please. I have a problem whith notifications of CSF
The alerts are:
Any ideas? Thank you very much
------------------------------------------------------------------
Time: Mon Feb 1 00:50:22 2016 -0600
File: /tmp/*).length > 1 ) {
w = wpgallery.getWin();
$(#save-all,
Reason: Suspicious file name
Owner: pablodel:pablodel (766:779)
Action: No action taken
------------------------------------------------------------------
Time: Mon Feb 1 00:50:17 2016 -0600
File: /tmp/.hentry ).appendTo( $( .portfolio-projects ) );
} );
} )( jQuery );
Reason: Suspicious file name
Owner: pablodel:pablodel (766:779)
Action: No action taken
------------------------------------------------------------------
Time: Mon Feb 1 00:50:16 2016 -0600
File: /tmp/h3).text();
et_tb_interval = setInterval( function() {
jQuery(#TB_iframeContent).contents().find(.savesend
Reason: Suspicious file name
Owner: pablodel:pablodel (766:779)
Action: No action taken
------------------------------------------------------------------
Time: Mon Feb 1 00:50:15 2016 -0600
File: /tmp/li, setActiveItem("UL"));
}
if (itemName == "numlist") {
selection.selectorChanged(ol
Reason: Suspicious file name
Owner: pablodel:pablodel (766:779)
Action: No action taken
------------------------------------------------------------------
Any ideas? Thank you very much
-
Hello :) I've moved this thread to our "Security" forum. Please keep in mind this message stems from CSF/LFD as opposed to cPanel. You may want to review the file contents, or consult with a qualified security expert to determine if the file is malicious. Thank you. 0 -
Those look like pieces of script rather than file names, and I'm hazarding a guess are related to WordPress. Other than that I have nothing to contribute. 0 -
Those look like pieces of script rather than file names, and I'm hazarding a guess are related to WordPress. Other than that I have nothing to contribute.
Thank you my friend.0 -
Hey Victor, I have the same problem. My host provider sent me a notification that files with code snippets as names were created inside their (hosts) /tmp/ folder by our application. /tmp/*).length > 1 ) { w = wpgallery.getWin(); $(#save-all this was the name of the file. I was able to find this piece of code inside ./public_html/wp/wp-admin/js/gallery.js on line 75. But I do not know where to look next. How were you able to solve this? Could you spare any advice? 0 -
I just started getting this too.... email alerts from lfd on suspicious files in /tmp File: /tmp/li, setActiveItem("UL")); } if (itemName == "numlist") { selection.selectorChanged(ol Reason: Suspicious file name and File: /tmp/*).length > 1 ) { w = wpgallery.getWin(); $(#save-all, Reason: Suspicious file name
I've just removed them at this point - they don't contain any malware code0 -
I was able to find this piece of code inside ./public_html/wp/wp-admin/js/gallery.js on line 75. But I do not know where to look next. How were you able to solve this? Could you spare any advice?
This suggests the information stems from the Gallery plugin for WordPress. I suggest contacting the developers of the plugin to determine the reason for the reported behavior. Thank you.0
Please sign in to leave a comment.
Comments
6 comments