Urgent - security issue? strange zend_cache files in /var/www/imscp/gui/data/cache

  • today I have noticed that strange zend_cache files were generated in the /var/www/imscp/gui/data/cache folder on all servers, these contain all imscp configs passwords etc.

    Are these internal i-mscp processes?

    Even if I delete the files, new ones are generated again immediately.


    Can someone access or download these files from outside?

  • ### BUMP ###


    I have renamed the web tools, also set the panel in Maintenance mode, the files are still generated ...

    should I ignore this or should I go to bed ... any Idea?

  • I-MSCP & any other stuff latest version


    my panel is running under PHP 7.0 with latest phpswitcher

    with the sury.org sources all PHP versions are packaged not self compiled

    there was an sury update in the afternoon and now again in the evening ...


    so that is what I did for now:

    Code
    1. phpdismod -v 7.0 apcu
    2. phpdismod -v 7.0 opcache
    3. phpdismod -v 7.0 gettext
    4. service php7.0-fpm restart
    5. service nginx restart
    6. service imscp_panel restart
    7. php7.0 -v

    I have no idea if it helps or what's going on

    need some help here!


    it's still going on with generated zend cache files

    Edited 2 times, last by fulltilt ().

  • No worries, fulltilt!


    The files are owned by vu2000 and 0600 (u+rw). No one else beside vu2000 and root can read these files (beside you allowed someone). They are necessary for caching. If you switch caching off, they won't be generated.

    Edited once, last by Starlight ().

  • No worries, fulltilt!


    The files are owned by vu2000 and 400 (u+rw). No one else beside vu2000 and root can read these files (beside you allowed someone). They are necessary for caching. If you switch caching off, they won't be generated.

    OK, the files are owned by vu2000:vu2000 but the permission mode is 0600 (rw)

    everything is stored inside ... all configs, keys, passwords everything

  • I have already disabled the cache

    Code
    1. phpdismod -v 7.0 apcu
    2. phpdismod -v 7.0 opcache
    3. phpdismod -v 7.0 gettext

    but they are still re-genertated in /var/www/imscp/gui/data/cache


    is gettext needed ... should I re-activate these modules?

  • before yesterday's PHP update I only saw these zend files once generated in the cache ... now these files are generated when the login page is vsited by a webbrowser


    also group permission shows that any customer and mail is a member of the vu2000 group

    is that really correctly?

    Code
    1. # grep 'vu2000' /etc/group
    2. mail:x:8:vu2000
    3. imscp:x:1002:vmail,vu2000
    4. vu2000:x:1003:www-data
    5. vu2009:x:1004:www-data,vu2000
    6. vu2010:x:1006:www-data,vu2000
    7. vu2011:x:1007:www-data,vu2000
    8. # groups vu2000
    9. vu2000 : vu2000 mail imscp vu2009 vu2010 vu2011