I'm facing a serious problem. I'm using a Linux server. Files on that server are getting renamed automatically as .suspected.
http://imagehost.suck-o.com/images/2015 ... d_file.jpg
See the last modification date of that file. Suddenly, my client calls me and shows me the error. I searched in my code, and didn't find anything stupid. When I searched the entire directory, I found the above error (see the image).
Can anyone tell me what's the problem?
I faced the same issue a couple of days back, when I was setting up a WordPress blog for one of my clients. I ignored that error; I thought it was a WordPress issue. But it happened again on non-WordPress.
Files on Linux server getting renamed as .SUSPECTED
- z3r0aCc3Ss
- Fame ! Where are the chicks?!
- Posts: 700
- Joined: 23 Jun 2009, 16:00
- 14
- Contact:
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Files on Linux server getting renamed as .SUSPECTED
if the file is still on the same server it most likely triggers some kind of security scanner on there.
do you have root access on that server?
and have you checked the content of that file, especially for some Base64 gibberish (most likely at the start of the file)?
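The check suggested in the post above (look at what is in the renamed file, especially near its start), as an added example that is not part of the original thread. The function names, the 4 KiB window and the two regular expressions are assumptions chosen for illustration, not the rules of any scanner.

```python
import os
import re
import sys
import time

# Assumed heuristics (not taken from any particular scanner): a long unbroken
# Base64-alphabet run, or a decode-and-execute call, near the top of the file.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{120,}")
DECODE_EXEC = re.compile(
    rb"(eval|assert|create_function)\s*\(\s*(base64_decode|gzinflate|str_rot13)", re.I)
HEAD_BYTES = 4096
SUFFIX = ".suspected"


def inspect_head(path, head_bytes=HEAD_BYTES):
    """Return findings for the first head_bytes of the file at path."""
    with open(path, "rb") as fh:
        head = fh.read(head_bytes)
    findings = []
    if DECODE_EXEC.search(head):
        findings.append("decode-and-execute call")
    run = B64_RUN.search(head)
    if run:
        findings.append("base64-like run of %d chars" % len(run.group(0)))
    return findings


def stamp(epoch):
    return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(epoch))


def triage(root):
    """Walk root and describe every file whose name ends in .suspected."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIX):  # matches .SUSPECTED too
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            report.append({
                "path": path,
                "original_name": name[:-len(SUFFIX)],
                "mtime": stamp(st.st_mtime),  # last content change
                "ctime": stamp(st.st_ctime),  # last inode change
                "findings": inspect_head(path),
            })
    return sorted(report, key=lambda r: r["path"])


if __name__ == "__main__":
    for e in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(e["mtime"], e["ctime"], e["path"], "->", "; ".join(e["findings"]) or "no hit")
```

An empty findings list only means nothing matched in the inspected window; comparing the file against a known-good copy is still needed to rule out a change elsewhere in it.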
- z3r0aCc3Ss
Re: Files on Linux server getting renamed as .SUSPECTED
I do have root access to my server. It's my company server. Me and my 3 teammates handle it.
There's absolutely no change in file contents. It's just that the file gets that extension.
- bad_brain
Re: Files on Linux server getting renamed as .SUSPECTED
page 43:
https://www.f-secure.com/system/fsgalle ... manual.pdf
so either the file IS kinda malicious or it's a false positive and you have to complain at the server admin.
- z3r0aCc3Ss
Re: Files on Linux server getting renamed as .SUSPECTED
Even I saw that PDF last night. The file is not malicious at all. I'm using the same file in many different projects. And on a Windows server, it didn't give any alerts.
I'll talk to my team.
But then, one more thing:
3-4 days back, on WordPress, wp-config, wp-settings, and 3-4 more files were renamed as .suspected.
What's the meaning of this? Those files are not malicious. Plus, we have WordPress security plugins installed.
- bad_brain
Re: Files on Linux server getting renamed as .SUSPECTED
hmm....post one of those files, it's very unusual a WP core file is labeled as malicious without a reason....