Skip to main content

Suspicious file name alerts from CSF

Comments

6 comments

  • cPanelMichael
    Hello :) I've moved this thread to our "Security" forum. Please keep in mind this message stems from CSF/LFD as opposed to cPanel. You may want to review the file contents, or consult with a qualified security expert to determine if the file is malicious. Thank you.
    0
  • keat63
    Those look like pieces of script rather than file names, and I'm hazarding a guess are related to WordPress. Other than that I have nothing to contribute.
    0
  • Victor Perez
    Those look like pieces of script rather than file names, and I'm hazarding a guess are related to WordPress. Other than that I have nothing to contribute.

    Thank you my friend.
    0
  • Kamenjan
    Hey Victor, I have the same problem. My host provider sent me a notification that files with code snippets as names were created inside their (hosts) /tmp/ folder by our application. /tmp/*).length > 1 ) { w = wpgallery.getWin(); $(#save-all this was the name of the file. I was able to find this piece of code inside ./public_html/wp/wp-admin/js/gallery.js on line 75. But I do not know where to look next. How were you able to solve this? Could you spare any advice?
    0
  • Neil Gee
    I just started getting this too.... email alerts from lfd on suspicious files in /tmp
    File: /tmp/li, setActiveItem("UL")); } if (itemName == "numlist") { selection.selectorChanged(ol Reason: Suspicious file name and File: /tmp/*).length > 1 ) { w = wpgallery.getWin(); $(#save-all, Reason: Suspicious file name
    I've just removed them at this point - they don't contain any malware code
    0
  • cPanelMichael
    I was able to find this piece of code inside ./public_html/wp/wp-admin/js/gallery.js on line 75. But I do not know where to look next. How were you able to solve this? Could you spare any advice?

    This suggests the information stems from the Gallery plugin for WordPress. I suggest contacting the developers of the plugin to determine the reason for the reported behavior. Thank you.
    0

Please sign in to leave a comment.