Saturday at 05:39 AM3 days Posted in the CWP forums but there is not much going on there figure might get some help here..New CWP install on Alma 8. On a private IP with no ports forwarded just doing the updates and such.Ran some updates and. got the popup in the webpage ran and got this.No idea? Is it serious or just a false positive on something.sh /scripts/cwp_security_audit------------------------------------------------------[INFO] Auditing cwpsrv (PID: 156548)[OK] cwpsrv looks clean.------------------------------------------------------[INFO] Auditing php-fpm-cwp (PID: 1086)[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found:php-fpm 1086 root DEL REG 253,0 1837740 /usr/local/ioncube/ioncube_loader_lin_7.2.soError:Can't add notification!------------------------------------------------------[INFO] Auditing apache (PID: 157091)[OK] apache looks clean.------------------------------------------------------ Edited Saturday at 05:39 AM3 days by MrDaveF
1 hour ago1 hr It's clean; there is no rootkit on your server. IonCube is used by CWP as it is encoded with it, and for decryption purposes .so is loaded
Create an account or sign in to comment