Smarty

durangod · Smarty Regular Joined: 10 Feb 2011 Posts: 39

hi,

recently i began receiving a server warning email regarding the cache complied smarty files. To help resolve this i changed my tmp dir name in my script smarty config file and no change it still sends the warning emails. So then i did a agent ransack search for anything /tmp/ or tmp/ for the script and it came back nothing other than one called xxxtmp that i use for to store the cache files above the public_html for extra security.

here is the email that i am getting, the xxxx is my username which i have changed for privacy here.

the title of the email is : lfd on vulcan.xxxxxxhosting.com: Suspicious File Alert

I get one of these for every file that is stored.

durangod · Smarty Regular Joined: 10 Feb 2011 Posts: 39

got it... my fault

this post explains what i did wrong and how i fixed it.

Basically be very very careful when you assign a name for your cache files for smarty, i used tmp and it stored the files in the root server tmp folder which has a noexec block. once i deleted the files from that folder it was ok. I have since changed my stored folder to a very unique name to keep this from happening with any users once released to the public.

http://forums.cpanel.net/f185/suspicious-file-warning-smarty-compile-files-448251.html

AnrDaemon · Administrator Joined: 03 Dec 2012 Posts: 1785

Compiled templates directory should be unique per site. Normally located inside the site's temp folder, not in system temp folder. Unless, however, the whole system is dedicated to one site (LXC, embedded appliances etc.)

udirect61 · Smarty n00b Joined: 16 Jan 2015 Posts: 4

so the ,stored folder must have very unique name to keep this from happening with any users once released to the public. Razz

thanks for sharing your experience Laughing

AnrDaemon · Administrator Joined: 03 Dec 2012 Posts: 1785

Not so much "unique", rather: never use relative paths in your configuration.