Facebook
Twitter
Hi I am running LFD and CSF, and have suddenly started receiving warning emails
Time: Sun Mar 24 05:38:24 2013 +0000
File: /tmp/.state
Reason: Suspicious directory
Owner: apache:apache (502:503)
Action: No action taken
inside /tmp/.state is an empty 04 dir, and a /server directory, containing files..
d--------- 2 apache apache 4096 Mar 24 02:44 .
d--------- 4 apache apache 4096 Mar 24 02:44 ..
---------- 1 apache apache 0 Mar 24 02:44 application.dir
---------- 1 apache apache 0 Mar 24 02:44 application.lock
---------- 1 apache apache 0 Mar 24 02:44 application.pag
---------- 1 apache apache 0 Mar 24 02:44 internal.dir
---------- 1 apache apache 0 Mar 24 02:44 internal.lock
---------- 1 apache apache 1024 Mar 24 02:44 internal.pag
Have googled, and grepped apache access_logs for /.state, , but cannot find anything..
should I be worried about a rogue script or hacking ? or is this legitimate part of plesk accessing the .tmp?
thanks
Will
Time: Sun Mar 24 05:38:24 2013 +0000
File: /tmp/.state
Reason: Suspicious directory
Owner: apache:apache (502:503)
Action: No action taken
inside /tmp/.state is an empty 04 dir, and a /server directory, containing files..
d--------- 2 apache apache 4096 Mar 24 02:44 .
d--------- 4 apache apache 4096 Mar 24 02:44 ..
---------- 1 apache apache 0 Mar 24 02:44 application.dir
---------- 1 apache apache 0 Mar 24 02:44 application.lock
---------- 1 apache apache 0 Mar 24 02:44 application.pag
---------- 1 apache apache 0 Mar 24 02:44 internal.dir
---------- 1 apache apache 0 Mar 24 02:44 internal.lock
---------- 1 apache apache 1024 Mar 24 02:44 internal.pag
Have googled, and grepped apache access_logs for /.state, , but cannot find anything..
should I be worried about a rogue script or hacking ? or is this legitimate part of plesk accessing the .tmp?
thanks
Will
