Hi, please see my reply below.

On Mon, Sep 2, 2024 at 6:34 PM <fc338339@hotmail.com> wrote:

Dear Sirs,

There are a malware found by RsFirewall system check when installed phpmyadmin in my website

1. Suspicious filename found. Files with a dot in front of them are usually hidden by the operating system.
File : phpmyadmin/.rtlcssrc.json

phpmyadmin/.rtlcssrc.json
Suspicious filename found. Files with a dot in front of them are usually hidden by the operating system.

This is a bit interesting. I don’t know anything about RsFirewall, but the second half of that is true; files starting with a dot are commonly hidden from many operating systems. I would say the primary reason for this is to avoid cluttering your normal directory view with showing configuration or user preference files (see

https://en.m.wikipedia.org/wiki/Hidden_file_and_hidden_directory for instance). In this case it’s not at all suspicious, I think it’s pretty normal to have a configuration file that's hidden like this (besides, there's not much we can do to control where the rtlcss program looks for that file, see https://rtlcss.com/learn/usage-guide/cli/index.html).

The file has been modified Thursday, 02 May 2024

{
"map": true
}

can we remove this file (.rtlcssrc.json) ? or just remove the dot ?

I don't know what will happen if you remove the file, it's possible that left-to-right languages will still appear like normal and it would only cause problems for right-to-left localizations — but I don't know, I haven't tested it, and removing the file is not supported. Likewise, removing the dot would have the same effect, so that's not recommended either. You could move the file out of the way for testing or I recommend leaving it in place and whitelisting it in your scanner software.

Regards,

Isaac

Thanks
_______________________________________________
Developers mailing list -- developers@phpmyadmin.net
To unsubscribe send an email to developers-leave@phpmyadmin.net