Hi, please see my reply below.
On Mon, Sep 2, 2024 at 6:34 PM <fc338339(a)hotmail.com> wrote:
Dear Sirs,
There are a malware found by RsFirewall system check when installed
phpmyadmin in my website
1. Suspicious filename found. Files with a dot in front of them are
usually hidden by the operating system.
File : phpmyadmin/.rtlcssrc.json
phpmyadmin/.rtlcssrc.json
Suspicious filename found. Files with a dot in front of them are usually
hidden by the operating system.
This is a bit interesting. I don’t know anything about RsFirewall, but the
second half of that is true; files starting with a dot are commonly hidden
from many operating systems. I would say the primary reason for this is to
avoid cluttering your normal directory view with showing configuration or
user preference files (see
https://en.m.wikipedia.org/wiki/Hidden_file_and_hidden_directory for
instance). In this case it’s not at all suspicious, I think it’s pretty
normal to have a configuration file that's hidden like this (besides,
there's not much we can do to control where the rtlcss program looks for
that file, see
https://rtlcss.com/learn/usage-guide/cli/index.html).
The file has been modified Thursday, 02 May 2024
{
"map": true
}
can we remove this file (.rtlcssrc.json) ? or just remove the dot ?
I don't know what will happen if you remove the file, it's possible that
left-to-right languages will still appear like normal and it would only
cause problems for right-to-left localizations — but I don't know, I
haven't tested it, and removing the file is not supported. Likewise,
removing the dot would have the same effect, so that's not recommended
either. You could move the file out of the way for testing or I recommend
leaving it in place and whitelisting it in your scanner software.
Regards,
Isaac
Thanks
_______________________________________________
Developers mailing list -- developers(a)phpmyadmin.net
To unsubscribe send an email to developers-leave(a)phpmyadmin.net