Jump to content


These Forums Are Now Read-Only


For TubePress support, please post a question here or open a support ticket and we will be glad to assist.


Photo

Suspicious File Alert After Upgrading Tubepress To 4.1.5


  • Please log in to reply
9 replies to this topic

#1 Legin76

Legin76

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 23 April 2015 - 09:51 AM

Since upgrading TubePress to 4.1.5 my firewall has been sending suspicious file warnings. It was fine with the previous version.

The has ConfigServer Security & Firewall installed and it's flagging up the TubePress system cache.


lfd on server.name: Suspicious File Alert
Time: Thu Apr 23 13:47:13 2015 +0100
File: /tmp/tubepress-system-cache-4a8e89b21cf417969e22c08b09e9471a/TubePress-4.1.5-ServiceContainer.php
Reason: Script, file extension

File: /tmp/tubepress-system-cache-4a8e89b21cf417969e22c08b09e9471a/twig/31/31/1df602a7629b43edcaee5a51fdcb5dede2301ea55069c26be2220c336e97.php

The cache in TubePress is turned off but it still keeps uploading files to the tmp directory. I've tried turning the cache on and setting a directory in the site structure for it with permissions of 777 but it appears to make no difference. In fact it does not appear to use the set cache directory at all.

Deleting the /tmp/ cache file makes no difference and it creates a new one straight away.



#2 Legin76

Legin76

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 25 April 2015 - 10:10 AM

Hi.. I'm getting new alerts constantly... I'm not sure if it's on page views or when someone views something thats not been in a while but I need to stop it.



#3 brandon

brandon

    Advanced Member

  • TubePress Staff
  • 1989 posts

Posted 27 April 2015 - 08:52 PM

You can turn the cache off and then place ?tubepress_clear_system_cache=true at the end of your website URL.

 

That should stop the cache.

 

As to why your firewall is flagging PHP files, not sure.

 

Thanks!


Want a faster, more personalized support experience? Open a ticket with us! We will be gradually phasing out forum-based support in favor of a proper ticketing system. Please help us help you!


#4 Legin76

Legin76

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 28 April 2015 - 05:08 AM

Hi, Thank you for your reply.

It's already upgraded to 4.1.6.

Running ?tubepress_clear_system_cache=true appeared to cause some changes. It forced me to do the api update and cleared the cache. However it's still using the /tmp/ directory even if the cache is turned on. It does not use the cache directory that I created at all.

I think the security flags any php in the tmp directory and to be honest in the past it has always been right. Looking at other scripts that use the /tmp they use different extensions for it. I think it would be fine if it didn't use the temp when the cache was turned off or used the set directory instead of /tmp.

Currently I have files in /tmp/tubepress-system-cache-4a8e89b21cf417969e22c08b09e9471a/ including TubePress-4.1.6-ServiceContainer.php

#5 eric

eric

    Lead Developer

  • TubePress Staff
  • 2787 posts

Posted 29 April 2015 - 01:11 AM

I'll take a closer look at this ASAP and report back. Thanks for the report.



#6 eric

eric

    Lead Developer

  • TubePress Staff
  • 2787 posts

Posted 30 April 2015 - 01:13 AM

The first time you run TubePress (or any new version of TubePress) it will cache a large amount of internal data to the filesystem. This allows it to run extremely fast upon subsequent invocations. By default TubePress will store this data into your webserver's temp directory (/tmp) in your case.

 

You can change the storage path by editing config/settings.php inside your TubePress content directory. So in WordPress this would be at wp-content/tubepress-content/config/settings.php. In standalone PHP this is located at <TubePress base>/tubepress-content/config/settings.php. Look for the following line:

//'directory' => '/some/directory',

then uncomment it and enter the path of a writable directory. e.g.

'directory' => '/home/eric/tmp',

You can look at the rest of settings.php for other low-level settings. You can even disable this caching entirely, though that will likely bring your site to a crawl.

 

Does that make sense and answer your question?



#7 Legin76

Legin76

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 April 2015 - 04:21 AM

Thanks but I'm afraid there is no wp-content/tubepress-content/ directory, only wp-content/plugins/tubepress. I've checked in there and there is no setting or content directory. It does have the tubepress-cache directory that I created but that remains empty.

I've now upgraded to 4.1.8, with no change.. Every time I delete the tubepress-system-cache it shows up on the next page load.

There are other cache directories in /wp-content for other apps, which I assume were created by the apps themselves. Could the missing one be the reason? For that matter can Tubepress not install it's own cache directory in there and move it's cache to there. Or move it to the set directory once one is created and turned on? If the files only use the /tmp briefly then it wouldn't flag it up or at least only once.

I'd turn the warning off but then I wouldn't be alerted to joomla sites being hacked.

#8 Legin76

Legin76

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 18 May 2015 - 06:46 AM

Hi...

I've managed to get the cache to work in the correct directory. Previously I had set it based on the root of the site rather than the server.

It is still using /tmp/tubepress-system-cache- though. Now the cache file is set up and working can it not just use that directory and not the /tmp/. If it has to use the /tmp directory then possibly change the extension to something like ".cache" rather than ".php".

#9 brandon

brandon

    Advanced Member

  • TubePress Staff
  • 1989 posts

Posted 18 May 2015 - 10:39 PM

you can set the cache location from within the TubePress settings area of your WordPress dashboard.  You may also need to place ?tubepress_clear_system_cache=true to the end of your URL.

 

Thanks!


Want a faster, more personalized support experience? Open a ticket with us! We will be gradually phasing out forum-based support in favor of a proper ticketing system. Please help us help you!


#10 Legin76

Legin76

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 19 May 2015 - 03:14 AM

The cache is set and there are some in the set cache folder. I'm afraid ?tubepress_clear_system_cache=true doesn't appear to do anything.. I've tried it on the end of the root domain, the video page, the admin and the tubepress admin page (with an & instead of ?). I can manually delete the files from /tmp but they re-appear a few seconds later.