February 21

Posted in the CWP forums, but there is not much going on there; figured I might get some help here.

New CWP install on Alma 8. On a private IP with no ports forwarded, just doing the updates and such.

Ran some updates and got the popup in the webpage, ran and got this.

No idea? Is it serious or just a false positive on something?

sh /scripts/cwp_security_audit
------------------------------------------------------
[INFO] Auditing cwpsrv (PID: 156548)
[OK] cwpsrv looks clean.
------------------------------------------------------
[INFO] Auditing php-fpm-cwp (PID: 1086)
[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found:
php-fpm 1086 root DEL REG 253,0 1837740 /usr/local/ioncube/ioncube_loader_lin_7.2.so
Error:Can't add notification!
------------------------------------------------------
[INFO] Auditing apache (PID: 157091)
[OK] apache looks clean.
------------------------------------------------------

Edited February 21 by MrDaveF
February 24

It's clean; there is no rootkit on your server. IonCube is used by CWP as it is encoded with it, and for decryption purposes the .so is loaded.
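
An added example, not part of the thread and not CWP's own code: a Python triage helper that parses DEL lines like the one in the first post and checks whether the path now holds a different inode (the file was replaced while the process kept the old copy mapped) or is gone from disk. The function names and the list of world-writable directories are assumptions of this example.

```python
import os
import re

# lsof columns for a deleted mapping: COMMAND PID USER FD TYPE DEVICE NODE NAME
DEL_LINE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+DEL\s+REG\s+"
    r"(?P<dev>\S+)\s+(?P<inode>\d+)\s+(?P<path>/.*)$"
)
# Assumption of this example: directories any local user can write to.
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Audit output lines from the first post, one per line.
SAMPLE = """\
[INFO] Auditing php-fpm-cwp (PID: 1086)
[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found:
php-fpm 1086 root DEL REG 253,0 1837740 /usr/local/ioncube/ioncube_loader_lin_7.2.so
[INFO] Auditing apache (PID: 157091)
[OK] apache looks clean.
"""


def classify(line, stat=os.stat):
    """Describe one lsof DEL line; return None for any other line."""
    m = DEL_LINE.match(line.strip())
    if not m:
        return None
    path, mapped_inode = m["path"], int(m["inode"])
    try:
        on_disk_inode = stat(path).st_ino
    except FileNotFoundError:
        state = "missing"      # unlinked, nothing put back at that path
    else:
        # A different inode at the same path means the file was replaced
        # while the process kept the old copy mapped.
        state = "replaced" if on_disk_inode != mapped_inode else "same-inode"
    return {"pid": int(m["pid"]), "path": path, "state": state,
            "world_writable_dir": path.startswith(WORLD_WRITABLE)}


def triage(audit_text, stat=os.stat):
    """Classify every DEL line found in a block of audit or lsof output."""
    results = (classify(line, stat) for line in audit_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A "replaced" result normally clears once the service is restarted, because the new process maps the copy that is on disk.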
Yesterday at 08:56 PM

CWP has recently started kicking out this and other like warnings for me as well...