February 21Feb 21 Posted in the CWP forums but there is not much going on there figure might get some help here..New CWP install on Alma 8. On a private IP with no ports forwarded just doing the updates and such.Ran some updates and. got the popup in the webpage ran and got this.No idea? Is it serious or just a false positive on something.sh /scripts/cwp_security_audit------------------------------------------------------[INFO] Auditing cwpsrv (PID: 156548)[OK] cwpsrv looks clean.------------------------------------------------------[INFO] Auditing php-fpm-cwp (PID: 1086)[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found:php-fpm 1086 root DEL REG 253,0 1837740 /usr/local/ioncube/ioncube_loader_lin_7.2.soError:Can't add notification!------------------------------------------------------[INFO] Auditing apache (PID: 157091)[OK] apache looks clean.------------------------------------------------------ Edited February 21Feb 21 by MrDaveF
February 24Feb 24 It's clean; there is no rootkit on your server. IonCube is used by CWP as it is encoded with it, and for decryption purposes .so is loaded
Tuesday at 08:56 PM3 days CWP has recently started kicking out this and other like warnings for me as well...
Thursday at 11:38 AM1 day On 3/10/2026 at 9:56 PM, enetworkassociates said:CWP has recently started kicking out this and other like warnings for me as well...Yep. I'm now getting an alert about unauthorized ports for php-fpm. I'm not sure if it's due to my recent tweak to add php 8.5 support in CWP selectors.
Create an account or sign in to comment