Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

CSF identifying SS files as suspicious


Go to End
Reply

10 Posts   2423 Views

Avatar
marikas

26 November 2007 at 3:04am (Last edited: 26 November 2007 3:06am), Community Member, 24 Posts

Hi,

I use the [url=http://www.configserver.com/cp/csf.html]CSF firewall[/url] on my server and after installing SS I got about twenty warning emails from it telling me that:

Time: Mon Nov 26 01:29:04 2007
File: /tmp/silverstripe-cache-home-[ACCOUNTNAME]-public_html-silver/cache.php
Reason: Script, file extension
Owner: [ACCOUNTNAME]:[ACCOUNTNAME]
Action: Moved into /etc/csf/suspicious.tar

Time: Mon Nov 26 00:13:20 2007
File: /tmp/silverstripe-cache-home-[ACCOUNTNAME]-public_html-silver/manifest_home_[ACCOUNTNAME]_public_html_silver_sapphire_main.php
Reason: Script, file extension
Owner: [ACCOUNTNAME]:[ACCOUNTNAME]
Action: Moved into /etc/csf/suspicious.tar

I installed the latest RC (downloaded direct from here) Should I be concerned?

TIA

Avatar
DaveP

26 November 2007 at 11:18am Community Member, 48 Posts

Hi Marikas,

Isn't the whole point of a firewall for you to be able to add this warning as an inclusion so it doesn't keep bothering you ?

cheers, Dave Porter

Avatar
marikas

26 November 2007 at 11:58am Community Member, 24 Posts

Thanks DaveP,

I appreciate you taking the time to post a response.

I know the point of a firewall is so that I can tell it to stop bothering me, but i'm a rebel. I like it to bother me when it gets suspicious of something. If it tells me there is a suspicious file on my server, I immediately investigate the matter, hoping against hope that I have not inadvertently uploaded a malicious script of some form or other.

Being but a virgin in the *cough*art*cough* of coding, I am about as clueless about whether there is a vulnerability in the script as George Bush is on international Affairs.

For all I know the silverstripe server may have been hacked like Joomla.org was a short while ago and the latest silverstripe RC replaced with a vulnerable version.

Far fetched I know, and no, TBH I didn't for a second even imagine that had occurred. However, please don't brush aside my post by virtually saying "umm... ok n00b, didn't you realize you had to tell your firewall not to warn you about Silverstripe".

I posted it here because Jonathan's CSF (firewall) is hugely popular and many folk, n00bs like myself ;) , will wonder the same as I did. I felt the Silverstripe team might want to put a notice in the install script saying "if you have CSF, expect warnings about this but fear not, it is completely safe!".

Thank you for your time. I truly appreciate the efforts of the Silverstripe team and thought this tiny bit of feedback about my initial experience with the script might interest them. Feel free to ignore this thread :)

Cheers

Avatar
DaveP

26 November 2007 at 1:36pm Community Member, 48 Posts

Hi Marikas,

Thanks for your thoughts...

I certainly did not imply that you should just allow the warning to go un-abated just to stop the annoyance.

As I've been using SS for a few weeks now and the ss files are simply HTML files with control codes which are calls to code you have complete control over, I have faith in what they do.

But you are right to be wary - I'd be interested to see what some of the other people here have to contribute to this discussion.

regards, Dave Porter

Avatar
DaveP

26 November 2007 at 1:38pm Community Member, 48 Posts

I just went back and reread your initial post and is it possible that your firewall is set to warn on .php files ? This appears to be what is is complaining about !

Dave

Avatar
marikas

26 November 2007 at 11:34pm Community Member, 24 Posts

Thanks Dave,

I'm sure if there was anything dodgy about the files, I would have heard from the SS team by now. Hmmm.. that acronym(SS) has a tainted history lol. Need a better sounding one.

Thanks for the second suggestion as well, but no, that can't be it. My box has about 30 Joomla (php) sites on it. :)

Anyway, I'll just take your advice and tell CSF to ignore the "suspicious" files in question.

Cheers

Avatar
DaveP

26 November 2007 at 11:59pm Community Member, 48 Posts

Oh, Did you hate Social Studies at school ?
Dave

Avatar
marikas

27 November 2007 at 5:45pm Community Member, 24 Posts

LOL. nope, only math.. with a vengence!!

http://en.wikipedia.org/wiki/SS

ugghh... feel dirty just posting the link here.

Go to Top