Suspicious File Alert

[pooyan]

Dear Team,
Please help me who can i do fix this problem?

Centos 6
cPanel
LSWS final version

Time: Thu May 30 20:30:12 2013 +0430
File: /tmp/phpDHsp29
Reason: Script, starts with #!
Owner: account_user_name:account_user_name (538:535)
Action: Moved into /etc/csf/suspicious.tar

 

[webizen]

this alert is from LFD (part of CSF). it means the account_user_name (538:535) runs a suspicious php script that is caught by lfd. you need to verify if the script indeed has any issue and deal with it (remove or something else). this has nothing to do with lsws.

 

[pooyan]

We believe this is a conflict between lsws and maybe mode_sec or CSF, Because when we switch to apache will not receive this warning again!
We've already told you and told you it is time to upgrade lsws.

 

[pooyan]

After upgrade lsws to 4.2.3 problem fixed!

 

[pooyan]

Problem not fixed
Please tell me solution.

 

[pooyan]

Pls help problem not fixed and you not answer for this problem
Related http://www.litespeedtech.com/support/forum/showthread.php?t=6148

 

[webizen]

see if you can extract the file in question (ie, /tmp/phpDHsp29) from the tar file and check what's in it.