Graeme S. Posted May 14, 2018

Hi all,

Over the past few weeks I've been occasionally getting an email about a suspicious process (the cron job for Invision). I've ignored it but over the past 24 hours I've been getting the email every 5 minutes. Is this something I should be worried about? Is the cron job failing or is it just a warning?

Example:

Executable: /opt/cpanel/ea-php71/root/usr/bin/php
Command Line (often faked in exploits): /opt/cpanel/ea-php71/root/usr/bin/php -d memory_limit=-1 -d max_execution_time=0 /home/user/public_html/applications/core/interface/task/task.php [number from admin panel]
Aiwa Posted May 14, 2018

If that's the correct path to php on your server, the cron task is fine. Now, if there is malicious code in your IPS files, that's a different story. Run the support tool in the ACP and see if there are any modified files.
Graeme S. Posted May 14, 2018 Author

2 hours ago, Aiwa said:
> If that's the correct path to php on your server, the cron task is fine. Now, if there is malicious code in your IPS files, that's a different story. Run the support tool in the ACP and see if there are any modified files.

Yeah, no issues with modified files. Just so I'm clear, the suspicious file warning is just a warning, it's not actually blocking any task from running?
Graeme S. Posted May 14, 2018 Author

And if this is all good, would love to mute these specific warnings as I'm getting hundreds.
bfarber Posted May 15, 2018

Ok, so my first recommendation is to take the command in your cron job and run it manually 20-30 times on your server. See if you can get any odd output to show up, which might lead you to a bug or error occurring, which might explain the suspicious email.

To answer your other question, yes you can suppress the output of a cron job. You edit the cron job and add the following to the end

    > /dev/null 2>&1

I would sort of consider this a bandaid in this case, however, as the email you're getting is probably a warning that "something isn't right" and that something should be figured out.
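One way to carry out the "run it manually 20-30 times" check above, as an added example that is not part of the original post or of Invision's code. The names `run_repeated` and `flaky_task`, the log directory layout, and the assumption that a healthy run exits 0 and prints nothing are all choices made for this sketch.

```shell
#!/bin/sh
# Added example. Runs a command repeatedly and keeps the output of every run
# that looks odd, instead of discarding it with "> /dev/null 2>&1".

# run_repeated N LOGDIR CMD [ARGS...]
# A run counts as odd if it exits non-zero or writes to stdout/stderr
# (assumption: a healthy task run is silent). Each odd run is saved to
# LOGDIR/run-<i>.log. Prints the number of odd runs; status 0 only if none.
run_repeated() (
    n=$1; logdir=$2; shift 2
    mkdir -p "$logdir" || exit 2
    i=1; odd=0
    while [ "$i" -le "$n" ]; do
        rc=0
        out=$("$@" 2>&1) || rc=$?
        if [ "$rc" -ne 0 ] || [ -n "$out" ]; then
            odd=$((odd + 1))
            printf 'exit=%s\n%s\n' "$rc" "$out" > "$logdir/run-$i.log"
        fi
        i=$((i + 1))
    done
    echo "$odd"
    [ "$odd" -eq 0 ]
)

# Constructed stand-in for the real task command: fails on every third call,
# imitating a dependency that is intermittently unavailable. The call counter
# lives in the file named by FLAKY_STATE because each run is a subshell.
flaky_task() {
    c=$(cat "$FLAKY_STATE" 2>/dev/null || echo 0)
    c=$((c + 1))
    echo "$c" > "$FLAKY_STATE"
    if [ $((c % 3)) -eq 0 ]; then
        echo "search backend unreachable" >&2
        return 1
    fi
}

# Real use, with the cron command from the first post (KEY is a placeholder
# for the number shown in the admin panel):
#   run_repeated 30 /tmp/task-runs /opt/cpanel/ea-php71/root/usr/bin/php \
#       -d memory_limit=-1 -d max_execution_time=0 \
#       /home/user/public_html/applications/core/interface/task/task.php KEY
```

Any `run-<i>.log` left behind holds the exit status and full output of that run, which is the "odd output" worth reading before the cron job's output is silenced.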
Graeme S. Posted May 15, 2018 Author

3 hours ago, bfarber said:
> Ok, so my first recommendation is to take the command in your cron job and run it manually 20-30 times on your server. See if you can get any odd output to show up, which might lead you to a bug or error occurring, which might explain the suspicious email.
>
> To answer your other question, yes you can suppress the output of a cron job. You edit the cron job and add the following to the end
>
>     > /dev/null 2>&1
>
> I would sort of consider this a bandaid in this case, however, as the email you're getting is probably a warning that "something isn't right" and that something should be figured out.

I think you're right here. Looks like elasticsearch crashed and the warnings started after it stopped. Need to figure out how to get a better notice if elasticsearch has issues. Going to ask an expert to look at configuring.
Archived
This topic is now archived and is closed to further replies.