csf.pignore - ignore a wget command

webdesires

Hello guys,
We get alerts from CSF/LFD many times a day about a command running from one of our clients' websites. The email reads (changed a little, so the URL isn't correct):

lfd on server1.hostname.com: Suspicious process running under user lloydmorgan

Executable: /usr/bin/wget

Command Line (often faked in exploits):
wget --quiet --delete-after --no-check-certificate https://domain.co.uk/index.php?route=information/feedportwest

I have set up a few different commands in the csf.pignore and none of them work, including:
pcmd:/usr/bin/wget --quiet --delete-after --no-check-certificate https:\/\/domain\.co\.uk\/*
pcmd:wget --quiet --delete-after --no-check-certificate https:\/\/domain\.co\.uk\/*
pcmd:wget --quiet --delete-after --no-check-certificate https://domain.co.uk/*

What am I doing wrong? How can I ignore this process correctly by wildcarding the wget domain? Is it possible?
 
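Added example, not part of the original post or of CSF's own code: it runs the three pcmd values from the post against the alerted command line to show where each one stops matching, next to two hypothetical patterns that use `.*` or a fully escaped URL. It assumes lfd requires a pcmd regex to match the entire command line; Python's `re` stands in for Perl here, and the constructs used behave the same in both.

```python
import re

# Constructed sample: the command line exactly as quoted in the lfd alert above.
CMDLINE = ("wget --quiet --delete-after --no-check-certificate "
           "https://domain.co.uk/index.php?route=information/feedportwest")

# The three values tried in the post (the text after "pcmd:").
TRIED = [
    r"/usr/bin/wget --quiet --delete-after --no-check-certificate https:\/\/domain\.co\.uk\/*",
    r"wget --quiet --delete-after --no-check-certificate https:\/\/domain\.co\.uk\/*",
    r"wget --quiet --delete-after --no-check-certificate https://domain.co.uk/*",
]

# Hypothetical candidates (not from the post). In a regex "*" only repeats the
# previous token, so "/*" means "zero or more slashes"; ".*" is the wildcard.
CANDIDATE = r"wget --quiet --delete-after --no-check-certificate https://domain\.co\.uk/.*"
STRICT = (r"wget --quiet --delete-after --no-check-certificate "
          r"https://domain\.co\.uk/index\.php\?route=information/feedportwest")

# Constructed command line for a different host, to check the rule is not too broad.
OTHER_HOST = ("wget --quiet --delete-after --no-check-certificate "
              "https://domain.co.uk.example.net/x")


def evaluate(pattern, cmdline=CMDLINE):
    """Describe how one pcmd regex behaves against one command line."""
    rx = re.compile(pattern)
    prefix = rx.match(cmdline)  # how far the pattern gets from the start
    return {
        "whole_line": rx.fullmatch(cmdline) is not None,  # assumed lfd behaviour
        "anywhere": rx.search(cmdline) is not None,       # unanchored, for contrast
        "unmatched_tail": cmdline[prefix.end():] if prefix else cmdline,
    }


def report():
    """Evaluate every pattern; returns a list of (pattern, result) pairs."""
    return [(p, evaluate(p)) for p in TRIED + [CANDIDATE, STRICT]]


if __name__ == "__main__":
    for pattern, result in report():
        print(pattern)
        print("   whole line:", result["whole_line"],
              "| anywhere:", result["anywhere"],
              "| left over:", repr(result["unmatched_tail"]))
    print("candidate ignores other host:", evaluate(CANDIDATE, OTHER_HOST)["whole_line"])
```

The alert itself notes that command lines are often faked, so the narrower an ignore pattern is, the less it can hide; where the URL never changes, the fully escaped form is the safer of the two candidates.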