Cached Ransomware?
-
I have “File Server Resource Manager” running on my web server with various rules to block certain file types. I have recently been getting alert emails stating the following:
“User NT AUTHORITY\IUSR attempted to save D:\www\website\wp-content\cache\comet-cache\cache\http\web-url\tag\cryptolocker.html-58d8c1212adf3089930471-tmp to D:\ on the WEB-NAME server. This file is in the “Ransomware extensions” file group, which is not permitted on the server.”
Ransomware extensions are listed here: https://fsrm.experiant.ca/
I know that my web server is healthy and running as expected. So where does Comet Cache find that file?Thanks
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
- The topic ‘Cached Ransomware?’ is closed to new replies.