I recently experienced tampering with my website, so I installed Tamper-proof for Enterprise 3.7.
- The owner of the file was set to “root” and Tamper-proof was activated. No whitelist was specified and file upload via sftp was also blocked.
However, file modification occurred today.
Login is not possible because SSH and aaPanel have IP restrictions.
There was also no record in Nginx's Access log.
Tamper-proof had the following log:
Could you tell me what [cp] means?
[2024-06-04 00:00:05] [modify] [/www/wwwroot/domain.com/page.php] [root] [cp]