Home › Forums › BulletProof Security Pro › Core Dump Files – Linux Core Dump Files, core.xxx files quararantined
Tagged: core, Core Dump Files, core.xxx, Linux, Quarantine
- This topic has 4 replies, 2 voices, and was last updated 8 years, 7 months ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
core.xxx files are being quarantined. Linux Core Dump files are being dumped/created into the the document root folder of a hosting account and being quarantined by AutoRestore|Quarantine. Linux Core Dump files are used for debugging and may indicate that a serious problem is occurring that needs to be fixed or depending on how the Linux server is configured the Core Dump files may just be configured as a “regular” “normal” routine/event.
Linux Core Dump File References:
https://linux.die.net/man/5/core
https://stackoverflow.com/questions/775872/why-are-core-dump-files-generated
https://en.wikipedia.org/wiki/Core_dump#Core_dump_filesLinux Core Dump File Solution: Have your web host change the folder location where linux core dump files are created.
https://stackoverflow.com/questions/16048101/changing-location-of-core-dumpYes, it is. You can change
/proc/sys/kernel/core_pattern
to define the pathname used to generate the corefile. For more, seeman core
example:
echo '/tmp/core_%e.%p' | sudo tee /proc/sys/kernel/core_pattern
would cause all future core dumps to be generated in
/tmp
and be namedcore_[program].[pid]
PaulParticipantThis is what i,m getting at time of quarantine of above
[403 GET Request: February 25, 2016 7:17 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 92.50.213.169 Host Name: 92.50.213.169 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: 109.203.113.174 HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/plugins/events-manager/em-actions.php QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.700.3 Safari/534.24
AITpro AdminKeymaster@ Paul – please explain whatever problem is occurring in more detail. ie is a file being quarantined? If so, is the file being repeatedly quarantined? What is the name of the file? Please post any other details about what the problem is exactly so that will assist me to troubleshoot whatever the problem is.
PaulParticipantThe files core.338798, core.338276 and many other core files keep getting quarantined, the log above coincided with them being quarantined
AITpro AdminKeymasterOk I understand now. The core dump file problem is the root problem that you will need to contact your host about to get fixed. You can send this forum link to your host as a reference so that they understand exactly what the issue/problem is. A secondary problem that may or may not be occurring is that the /events-manager/em-actions.php has a coding mistake in it, which may be triggering the core dump file problem. Or it may just be a random coincidence that the Security Log entry is being logged around the same time the core dump file problem occurrs. Once again the root problem is the core dump file problem that you will need to contact your host about to get that issue/problem fixed.
-
AuthorPosts
- You must be logged in to reply to this topic.