Support community for TTG plugins and products.
NOTICE
The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.
This forum is now closed, and exists here as a read-only archive.
You are not logged in.
My hosting company sent me this warning:
ImunifyAV has detected malware on the following websites:
whatwant.ca Infected 1 file
~~
photog/backlight/data/sessions/sess_7d9t3hhrt6adb5r3vfnp0547vo
~~
I see that the sessions folder and this file is created automatically by Backlight 2. Is there a remedy for this?
Charles
Offline
Hi Charles, the session folder is there to manage everything related to your session. If it wasn't then the page wouldn't remember anything about your visit from one page to the next - things like which language you've chosen, whether you're logged in, etc. The only thing we doing different from the norm is to save the sessions within our data directory rather than in the default location (which would be some system folder configured in the system PHP settings).
I made this change to avoid a common issue of hosts misconfiguring their servers in ways that caused the default system location to not work.
Are you getting this alert for all files within the data/sessions directory?
Some remedies:
1. Whitelist that directory with ImunifyAV
2. If this is an isolated case for a single visitor, then email me that exact file so I can take a look -- perhaps somebody has attempted something malicious with your site, with the contents of that attempt being part of the file
3. Edit our session handling file so that it uses the default system location for sessions (I can advise on that if that's what you want to do)
4. Disable the custom session directory via a setting in env.php (this functionality does not yet exist so would require an update to the code from me)
Offline
Thanks Ben. I was able to go into the control panel of my hosting company and whitelist the sessions file.
Charles
Offline