lfd on server.2daygeek.com: Suspicious File Alert /tmp/oi_plugins.php
In our environment we have installed OpenInviter to import contacts (addressbook) from social networking sites & email providers. After installing openinviter on server, we got 1000+ messages every day from lfd which is horrible to see the mails very often in my inbox. I start the investigation to get solve the issue.
1) lfd alert message
The below error message which i received from lfd very often.
Time: Tue Sep 24 13:10:48 2013 +0100 File: /tmp/oi_plugins.php Reason: Script, file extension Owner: 2daygeek:2daygeek(502:501) Action: Moved into /var/lib/csf/suspicious.tar
2) How to find the config.php
To stop that alert message, we need to make small change on openinviter config.php file. Go to Open Invitor folder and findout the “config.php” file using the below command.
find / -name "config.php"
3) Replace “/tmp” with “tmp”
You will be getting the below two config file with different locations. Just replace “/tmp” with “tmp” on both file then save and exit.
/home/2daygeekc/public_html/new/OpenInviter/config.php And /home/2daygeekc/public_html/new/plugin/OpenInviter/config.php
Just replace “/tmp” with “tmp” in config.php and it stops the suspicious file alert from lfd. Hope this article was useful for you. Kindly provide your valuable feedback/comments in the commenting section.
Stay tuned with us !!