apioo / fusio

Open source API management platform
https://www.fusio-project.org
Apache License 2.0

Suspicious Files reported by CXS Cpanel #149

Open ParsaSwift opened 6 years ago

ParsaSwift commented 6 years ago

(1) userx22, Scanning /home/userx22/public_html:

'/home/userx22/public_html/api/vendor/symfony/console/Resources/bin/hiddeninput.exe' MS Windows Binary/Executable [application/x-winexec]

'/home/userx22/public_html/api/vendor/symfony/debug/Resources/ext/symfony_debug.c' Suspicious file type [application/x-c]

chriskapp commented 6 years ago

Hi, so the hiddeninput.exe file is needed in the symfony console package to provide a way on Windows to enter a password without showing it on the screen. It is also used by Composer; the repository is at https://github.com/Seldaek/hidden-input so I think it is no problem. It is probably marked as suspicious simply because it is an .exe file.

The symfony_debug.c is the source code of the symfony debug PHP extension. The code simply lies in the repository, so it comes through Composer. In the latest version the C code was also removed, so if we update the dependency the file gets removed.
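A way to triage a report like the one above is to map every flagged path to the Composer package that shipped it, so each file can then be compared with the upstream package at the installed version. This is an added example, not code from the thread or from Fusio; the function names, the package versions and the last two report lines are constructed for illustration.

```python
import json
import re

# Report line shape quoted in the issue: '<path>' <reason> [<mime type>]
REPORT_LINE = re.compile(r"^'(?P<path>[^']+)'\s+(?P<reason>.+?)\s+\[(?P<mime>[^\]]+)\]$")
# Composer unpacks each dependency into vendor/<vendor>/<package>/
VENDOR_PATH = re.compile(r"/vendor/(?P<pkg>[^/]+/[^/]+)/(?P<rel>.+)$")

def load_installed(installed_json):
    """Map package name -> version from vendor/composer/installed.json."""
    data = json.loads(installed_json)
    # Composer 2 wraps the list in {"packages": [...]}; Composer 1 stores a bare list.
    packages = data["packages"] if isinstance(data, dict) else data
    return {p["name"]: p["version"] for p in packages}

def triage(report, installed):
    """Classify each flagged path by the Composer package that shipped it."""
    results = []
    for line in report.splitlines():
        m = REPORT_LINE.match(line.strip())
        if not m:
            continue  # scan header or blank line
        v = VENDOR_PATH.search(m["path"])
        if v is None:
            status, pkg, ver = "outside-vendor", None, None
        elif v["pkg"] in installed:
            status, pkg, ver = "installed-package", v["pkg"], installed[v["pkg"]]
        else:
            status, pkg, ver = "unlisted-package", v["pkg"], None
        results.append({"path": m["path"], "mime": m["mime"],
                        "status": status, "package": pkg, "version": ver})
    return results

# Constructed installed.json content; the versions are placeholders.
SAMPLE_INSTALLED = json.dumps([
    {"name": "symfony/console", "version": "v0.0.0"},
    {"name": "symfony/debug", "version": "v0.0.0"},
])
# First three lines are from the issue; the last two are constructed.
SAMPLE_REPORT = """\
(1) userx22, Scanning /home/userx22/public_html:
'/home/userx22/public_html/api/vendor/symfony/console/Resources/bin/hiddeninput.exe' MS Windows Binary/Executable [application/x-winexec]
'/home/userx22/public_html/api/vendor/symfony/debug/Resources/ext/symfony_debug.c' Suspicious file type [application/x-c]
'/home/userx22/public_html/api/vendor/acme/unknown/run.exe' MS Windows Binary/Executable [application/x-winexec]
'/home/userx22/public_html/uploads/run.exe' MS Windows Binary/Executable [application/x-winexec]
"""

if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT, load_installed(SAMPLE_INSTALLED)):
        print(r["status"], r["package"], r["version"], r["path"])
```

An `installed-package` result only identifies where the file should have come from; a file under `vendor/` that no installed package accounts for, or a flagged file outside `vendor/`, has no such explanation and needs a closer look.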

ParsaSwift commented 6 years ago

thank you

ParsaSwift commented 6 years ago

Also, when I refresh pages like /developer/documentation/*, it gives me a 404 error from LiteSpeed. I think it is because of htaccess or something.

chriskapp commented 6 years ago

Yes, so the /developer/documentation/ app contains a base tag <base href="/developer/"> which you may need to adjust to your base path, and it also contains a .htaccess file with RewriteBase /developer. By default Fusio assumes that it gets installed on a custom sub-domain, i.e. api.acme.com. The developer app needs this base tag so that we can use clean URLs like /developer/documentation/ instead of /developer/index.html#!/documentation/. This is needed especially for the OAuth2 authorize endpoint, since some OAuth2 clients can't redirect to hash-tag based URLs.

Geekgurus commented 1 year ago

Here's a simple .htaccess file code you can use for RewriteBase.

```apache
Options -MultiViews -Indexes

RewriteEngine On

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
```