|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
durangod Smarty Regular
Joined: 10 Feb 2011 Posts: 39
|
Posted: Thu Jan 15, 2015 11:47 am Post subject: suspicious file warning on smarty tpl compile files |
|
|
hi,
recently i began receiving a server warning email regarding the cache complied smarty files. To help resolve this i changed my tmp dir name in my script smarty config file and no change it still sends the warning emails. So then i did a agent ransack search for anything /tmp/ or tmp/ for the script and it came back nothing other than one called xxxtmp that i use for to store the cache files above the public_html for extra security.
here is the email that i am getting, the xxxx is my username which i have changed for privacy here.
the title of the email is : lfd on vulcan.xxxxxxhosting.com: Suspicious File Alert
I get one of these for every file that is stored.
Quote: |
Time: Wed Jan 14 23:28:55 2015 -0700
File: /tmp/%%F7^F7F^F7F34188%%header.tpl.php
Reason: Script, file extension
Owner: xxxx:xxxx (512:524)
Action: No action taken
|
i dont know where /tmp/ is comming from as there is nothing /tmp/ in the script now. This seems to be comming from the public_html storage of these files, when i change to storage to above the public_html i dont get the emails.
Anyone else ever have such an issue?
thanks |
|
Back to top |
|
durangod Smarty Regular
Joined: 10 Feb 2011 Posts: 39
|
Posted: Thu Jan 15, 2015 1:13 pm Post subject: |
|
|
got it... my fault
this post explains what i did wrong and how i fixed it.
Basically be very very careful when you assign a name for your cache files for smarty, i used tmp and it stored the files in the root server tmp folder which has a noexec block. once i deleted the files from that folder it was ok. I have since changed my stored folder to a very unique name to keep this from happening with any users once released to the public.
http://forums.cpanel.net/f185/suspicious-file-warning-smarty-compile-files-448251.html |
|
Back to top |
|
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
|
Posted: Thu Jan 15, 2015 4:21 pm Post subject: |
|
|
Compiled templates directory should be unique per site. Normally located inside the site's temp folder, not in system temp folder. Unless, however, the whole system is dedicated to one site (LXC, embedded appliances etc.) |
|
Back to top |
|
udirect61 Smarty n00b
Joined: 16 Jan 2015 Posts: 4
|
Posted: Fri Jan 16, 2015 5:55 am Post subject: |
|
|
so the ,stored folder must have very unique name to keep this from happening with any users once released to the public.
thanks for sharing your experience |
|
Back to top |
|
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
|
Posted: Fri Jan 16, 2015 10:04 am Post subject: |
|
|
Not so much "unique", rather: never use relative paths in your configuration. |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|