Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

LFD Notice of Suspicious Process

Discussion in 'Security' started by Barry Su, Mar 24, 2018.

Tags:
  1. Barry Su

    Barry Su Registered

    Joined:
    Mar 24, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    China
    cPanel Access Level:
    Root Administrator
    I got lfd notices of suspicious process and excessive process after an open source program was installed with some plugins activated. lfd notice is a great feature telling me something is wrong in my server. Site became extremely slow because of suspicious process, so I simply removed the folder the program had been installed, and then everything is normal. I have experienced this kind of issue several times, and problems were fixed quickly with lfd notices. Thanks great feature of cPanel.

    Now I am receiving a lots notices of this type of emails minute after minute and all day long from one bigger server with many client websites hosted, and files are accumulated to 1.5 GB a day so my programmer has to remove them manually everyday. It is something out of our control, and let me post some of them here for help:

    Code:
    lfd on dxds1962.example.com: Suspicious process running under user fangchan
    
    ]root@dxds1962.example.com
    1:00 AM (1 hour ago)
    
    to root
    
    
    
    Time:    Sat Mar 24 01:00:15 2018 -0700
    PID:     18925 (Parent PID:14822)
    Account: fangchan
    Uptime:  11516 seconds
    
    
    Executable:
    
    /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    
    
    Command Line (often faked in exploits):
    
    /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    
    
    Network connections by the process (if any):
    
    tcp: [URL='http://173.82.178.26:38874/']173.82.178.26:38874[/URL] -> [URL='http://173.82.11.58:3306/']173.82.11.58:3306[/URL]
    
    
    Files open by the process (if any):
    
    
    
    Memory maps by the process (if any):
    
    00400000-00921000 r-xp 00000000 08:04 1836258                            /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    00b21000-00bd7000 rw-p 00521000 08:04 1836258                            /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    00bd7000-00bf6000 rw-p 00000000 00:00 0
    02203000-0249e000 rw-p 00000000 00:00 0                                  [heap]
    7fefec000000-7fefec021000 rw-p 00000000 00:00 0
    7fefec021000-7feff0000000 ---p 00000000 00:00 0
    7feff325c000-7feff3291000 r--s 00000000 08:02 4718598                    /var/db/nscd/hosts
    7feff3291000-7feff3292000 ---p 00000000 00:00 0
    7feff3292000-7feff3c92000 rwxp 00000000 00:00 0
    7feff3c92000-7feff3cd3000 rw-p 00000000 00:00 0
    7feff3cd3000-7feff3ce8000 r-xp 00000000 08:04 1838289                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/zip.so
    7feff3ce8000-7feff3ee8000 ---p 00015000 08:04 1838289                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/zip.so
    7feff3ee8000-7feff3eea000 rw-p 00015000 08:04 1838289                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/zip.so
    7feff3eea000-7feff3eed000 r-xp 00000000 08:04 1569894                    /lib64/libgpg-error.so.0.5.0
    7feff3eed000-7feff40ec000 ---p 00003000 08:04 1569894                    /lib64/libgpg-error.so.0.5.0
    7feff40ec000-7feff40ed000 r--p 00002000 08:04 1569894                    /lib64/libgpg-error.so.0.5.0
    7feff40ed000-7feff40ee000 rw-p 00003000 08:04 1569894                    /lib64/libgpg-error.so.0.5.0
    7feff40ee000-7feff4160000 r-xp 00000000 08:04 1569897                    /lib64/libgcrypt.so.11.5.3
    7feff4160000-7feff435f000 ---p 00072000 08:04 1569897                    /lib64/libgcrypt.so.11.5.3
    7feff435f000-7feff4360000 r--p 00071000 08:04 1569897                    /lib64/libgcrypt.so.11.5.3
    7feff4360000-7feff4363000 rw-p 00072000 08:04 1569897                    /lib64/libgcrypt.so.11.5.3
    7feff4363000-7feff439e000 r-xp 00000000 08:03 3280673                    /usr/lib64/libxslt.so.1.1.26
    7feff439e000-7feff459e000 ---p 0003b000 08:03 3280673                    /usr/lib64/libxslt.so.1.1.26
    7feff459e000-7feff45a0000 rw-p 0003b000 08:03 3280673                    /usr/lib64/libxslt.so.1.1.26
    7feff45a0000-7feff45b3000 r-xp 00000000 08:03 3280670                    /usr/lib64/libexslt.so.0.8.15
    7feff45b3000-7feff47b3000 ---p 00013000 08:03 3280670                    /usr/lib64/libexslt.so.0.8.15
    7feff47b3000-7feff47b4000 rw-p 00013000 08:03 3280670                    /usr/lib64/libexslt.so.0.8.15
    7feff47b4000-7feff47bb000 r-xp 00000000 08:04 1838300                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xsl.so
    7feff47bb000-7feff49bb000 ---p 00007000 08:04 1838300                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xsl.so
    7feff49bb000-7feff49bc000 rw-p 00007000 08:04 1838300                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xsl.so
    7feff49bc000-7feff49c4000 r-xp 00000000 08:04 1838299                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xmlwriter.so
    7feff49c4000-7feff4bc4000 ---p 00008000 08:04 1838299                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xmlwriter.so
    7feff4bc4000-7feff4bc7000 rw-p 00008000 08:04 1838299                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xmlwriter.so
    7feff4bc7000-7feff4bcd000 r-xp 00000000 08:04 1838298                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xmlreader.so
    7feff4bcd000-7feff4dcd000 ---p 00006000 08:04 1838298                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xmlreader.so
    7feff4dcd000-7feff4dce000 rw-p 00006000 08:04 1838298                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xmlreader.so
    7feff4dce000-7feff4dd6000 r-xp 00000000 08:04 1838296                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/wddx.so
    7feff4dd6000-7feff4fd5000 ---p 00008000 08:04 1838296                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/wddx.so
    7feff4fd5000-7feff4fd6000 rw-p 00007000 08:04 1838296                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/wddx.so
    7feff4fd6000-7feff4fe0000 r-xp 00000000 08:04 1838297                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xml.so
    7feff4fe0000-7feff51e0000 ---p 0000a000 08:04 1838297                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xml.so
    7feff51e0000-7feff51e2000 rw-p 0000a000 08:04 1838297                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/xml.so
    7feff51e2000-7feff51e5000 r-xp 00000000 08:04 1838306                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/tokenizer.so
    7feff51e5000-7feff53e5000 ---p 00003000 08:04 1838306                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/tokenizer.so
    7feff53e5000-7feff53e6000 rw-p 00003000 08:04 1838306                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/tokenizer.so
    7feff53e6000-7feff53f0000 r-xp 00000000 08:04 1838309                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/sqlite3.so
    7feff53f0000-7feff55ef000 ---p 0000a000 08:04 1838309                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/sqlite3.so
    7feff55ef000-7feff55f1000 rw-p 00009000 08:04 1838309                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/sqlite3.so
    7feff55f1000-7feff55fc000 r-xp 00000000 08:04 1838295                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/simplexml.so
    7feff55fc000-7feff57fb000 ---p 0000b000 08:04 1838295                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/simplexml.so
    7feff57fb000-7feff57fd000 rw-p 0000a000 08:04 1838295                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/simplexml.so
    7feff57fd000-7feff5803000 r-xp 00000000 08:04 1831566                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/posix.so
    7feff5803000-7feff5a02000 ---p 00006000 08:04 1831566                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/posix.so
    7feff5a02000-7feff5a04000 rw-p 00005000 08:04 1831566                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/posix.so
    7feff5a04000-7feff5a43000 r-xp 00000000 08:04 1838305                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/phar.so
    7feff5a43000-7feff5c42000 ---p 0003f000 08:04 1838305                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/phar.so
    7feff5c42000-7feff5c45000 rw-p 0003e000 08:04 1838305                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/phar.so
    7feff5c45000-7feff5cd0000 r-xp 00000000 08:03 3277105                    /usr/lib64/libsqlite3.so.0.8.6
    7feff5cd0000-7feff5ed0000 ---p 0008b000 08:03 3277105                    /usr/lib64/libsqlite3.so.0.8.6
    7feff5ed0000-7feff5ed3000 rw-p 0008b000 08:03 3277105                    /usr/lib64/libsqlite3.so.0.8.6
    7feff5ed3000-7feff5ed4000 rw-p 00000000 00:00 0
    7feff5ed4000-7feff5eda000 r-xp 00000000 08:04 1838308                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo_sqlite.so
    7feff5eda000-7feff60d9000 ---p 00006000 08:04 1838308                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo_sqlite.so
    7feff60d9000-7feff60da000 rw-p 00005000 08:04 1838308                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo_sqlite.so
    7feff60da000-7feff60e0000 r-xp 00000000 08:04 1838404                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo_mysqlnd.so
    7feff60e0000-7feff62e0000 ---p 00006000 08:04 1838404                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo_mysqlnd.so
    7feff62e0000-7feff62e1000 rw-p 00006000 08:04 1838404                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo_mysqlnd.so
    7feff62e1000-7feff62f7000 r-xp 00000000 08:04 1838121                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo.so
    7feff62f7000-7feff64f7000 ---p 00016000 08:04 1838121                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo.so
    7feff64f7000-7feff64fa000 rw-p 00016000 08:04 1838121                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/pdo.so
    7feff64fa000-7feff6515000 r-xp 00000000 08:04 1838403                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd_mysqli.so
    7feff6515000-7feff6714000 ---p 0001b000 08:04 1838403                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd_mysqli.so
    7feff6714000-7feff6719000 rw-p 0001a000 08:04 1838403                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd_mysqli.so
    7feff6719000-7feff6723000 r-xp 00000000 08:04 1838402                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd_mysql.so
    7feff6723000-7feff6923000 ---p 0000a000 08:04 1838402                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd_mysql.so
    7feff6923000-7feff6925000 rw-p 0000a000 08:04 1838402                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd_mysql.so
    7feff6925000-7feff6b5c000 r-xp 00000000 08:04 1833848                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd.so
    7feff6b5c000-7feff6d5c000 ---p 00237000 08:04 1833848                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd.so
    7feff6d5c000-7feff6d61000 rw-p 00237000 08:04 1833848                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mysqlnd.so
    7feff6d61000-7feff6d63000 rw-p 00000000 00:00 0
    7feff6d63000-7feff6e94000 r-xp 00000000 08:04 1833843                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mbstring.so
    7feff6e94000-7feff7094000 ---p 00131000 08:04 1833843                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mbstring.so
    7feff7094000-7feff70a0000 rw-p 00131000 08:04 1833843                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/mbstring.so
    7feff70a0000-7feff70aa000 r-xp 00000000 08:04 1838304                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/json.so
    7feff70aa000-7feff72a9000 ---p 0000a000 08:04 1838304                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/json.so
    7feff72a9000-7feff72aa000 rw-p 00009000 08:04 1838304                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/json.so
    7feff72aa000-7feff72b3000 r-xp 00000000 08:04 1838284                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/iconv.so
    7feff72b3000-7feff74b3000 ---p 00009000 08:04 1838284                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/iconv.so
    7feff74b3000-7feff74b4000 rw-p 00009000 08:04 1838284                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/iconv.so
    7feff74b4000-7feff74b6000 r-xp 00000000 08:03 3278282                    /usr/lib64/libXau.so.6.0.0
    7feff74b6000-7feff76b6000 ---p 00002000 08:03 3278282                    /usr/lib64/libXau.so.6.0.0
    7feff76b6000-7feff76b7000 rw-p 00002000 08:03 3278282                    /usr/lib64/libXau.so.6.0.0
    7feff76b7000-7feff76db000 r-xp 00000000 08:03 3278334                    /usr/lib64/libxcb.so.1.1.0
    7feff76db000-7feff78db000 ---p 00024000 08:03 3278334                    /usr/lib64/libxcb.so.1.1.0
    7feff78db000-7feff78dc000 rw-p 00024000 08:03 3278334                    /usr/lib64/libxcb.so.1.1.0
    7feff78dc000-7feff7974000 r-xp 00000000 08:03 3277095                    /usr/lib64/libfreetype.so.6.3.22
    7feff7974000-7feff7b73000 ---p 00098000 08:03 3277095                    /usr/lib64/libfreetype.so.6.3.22
    7feff7b73000-7feff7b79000 rw-p 00097000 08:03 3277095                    /usr/lib64/libfreetype.so.6.3.22
    7feff7b79000-7feff7bb8000 r-xp 00000000 08:03 3277169                    /usr/lib64/libjpeg.so.62.0.0
    7feff7bb8000-7feff7db8000 ---p 0003f000 08:03 3277169                    /usr/lib64/libjpeg.so.62.0.0
    7feff7db8000-7feff7db9000 rw-p 0003f000 08:03 3277169                    /usr/lib64/libjpeg.so.62.0.0
    7feff7db9000-7feff7dc9000 rw-p 00000000 00:00 0
    7feff7dc9000-7feff7dee000 r-xp 00000000 08:03 3277165                    /usr/lib64/libpng12.so.0.49.0
    7feff7dee000-7feff7fee000 ---p 00025000 08:03 3277165                    /usr/lib64/libpng12.so.0.49.0
    7feff7fee000-7feff7fef000 rw-p 00025000 08:03 3277165                    /usr/lib64/libpng12.so.0.49.0
    7feff7fef000-7feff8000000 r-xp 00000000 08:03 3278384                    /usr/lib64/libXpm.so.4.11.0
    7feff8000000-7feff81ff000 ---p 00011000 08:03 3278384                    /usr/lib64/libXpm.so.4.11.0
    7feff81ff000-7feff8200000 rw-p 00010000 08:03 3278384                    /usr/lib64/libXpm.so.4.11.0
    7feff8200000-7feff8337000 r-xp 00000000 08:03 3278338                    /usr/lib64/libX11.so.6.3.0
    7feff8337000-7feff8537000 ---p 00137000 08:03 3278338                    /usr/lib64/libX11.so.6.3.0
    7feff8537000-7feff853d000 rw-p 00137000 08:03 3278338                    /usr/lib64/libX11.so.6.3.0
    7feff853d000-7feff8582000 r-xp 00000000 08:03 3285516                    /usr/lib64/libt1.so.5.1.2
    7feff8582000-7feff8781000 ---p 00045000 08:03 3285516                    /usr/lib64/libt1.so.5.1.2
    7feff8781000-7feff8785000 rw-p 00044000 08:03 3285516                    /usr/lib64/libt1.so.5.1.2
    7feff8785000-7feff879b000 rw-p 00000000 00:00 0
    7feff879b000-7feff87e8000 r-xp 00000000 08:04 1838283                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/gd.so
    7feff87e8000-7feff89e7000 ---p 0004d000 08:04 1838283                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/gd.so
    7feff89e7000-7feff89ed000 rw-p 0004c000 08:04 1838283                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/gd.so
    7feff89ed000-7feff89f1000 rw-p 00000000 00:00 0
    7feff89f1000-7feff8c34000 r-xp 00000000 08:04 1834050                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ftp.so
    7feff8c34000-7feff8e34000 ---p 00243000 08:04 1834050                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ftp.so
    7feff8e34000-7feff8e67000 rw-p 00243000 08:04 1834050                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ftp.so
    7feff8e67000-7feff8e6b000 rw-p 00000000 00:00 0
    7feff8e6b000-7feff8e91000 r-xp 00000000 08:04 1832468                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/dom.so
    7feff8e91000-7feff9091000 ---p 00026000 08:04 1832468                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/dom.so
    7feff9091000-7feff9096000 rw-p 00026000 08:04 1832468                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/dom.so
    7feff9096000-7feff90cf000 r-xp 00000000 08:04 1569861                    /lib64/libnspr4.so
    7feff90cf000-7feff92cf000 ---p 00039000 08:04 1569861                    /lib64/libnspr4.so
    7feff92cf000-7feff92d0000 r--p 00039000 08:04 1569861                    /lib64/libnspr4.so
    7feff92d0000-7feff92d2000 rw-p 0003a000 08:04 1569861                    /lib64/libnspr4.so
    7feff92d2000-7feff92d4000 rw-p 00000000 00:00 0
    7feff92d4000-7feff92d8000 r-xp 00000000 08:04 1569862                    /lib64/libplc4.so
    7feff92d8000-7feff94d7000 ---p 00004000 08:04 1569862                    /lib64/libplc4.so
    7feff94d7000-7feff94d8000 r--p 00003000 08:04 1569862                    /lib64/libplc4.so
    7feff94d8000-7feff94d9000 rw-p 00004000 08:04 1569862                    /lib64/libplc4.so
    7feff94d9000-7feff94dc000 r-xp 00000000 08:04 1569863                    /lib64/libplds4.so
    7feff94dc000-7feff96db000 ---p 00003000 08:04 1569863                    /lib64/libplds4.so
    7feff96db000-7feff96dc000 r--p 00002000 08:04 1569863                    /lib64/libplds4.so
    7feff96dc000-7feff96dd000 rw-p 00003000 08:04 1569863                    /lib64/libplds4.so
    7feff96dd000-7feff9703000 r-xp 00000000 08:03 3277056                    /usr/lib64/libnssutil3.so
    7feff9703000-7feff9902000 ---p 00026000 08:03 3277056                    /usr/lib64/libnssutil3.so
    7feff9902000-7feff9909000 r--p 00025000 08:03 3277056                    /usr/lib64/libnssutil3.so
    7feff9909000-7feff990a000 rw-p 0002c000 08:03 3277056                    /usr/lib64/libnssutil3.so
    7feff990a000-7feff9a44000 r-xp 00000000 08:03 3280343                    /usr/lib64/libnss3.so
    7feff9a44000-7feff9c43000 ---p 0013a000 08:03 3280343                    /usr/lib64/libnss3.so
    7feff9c43000-7feff9c49000 r--p 00139000 08:03 3280343                    /usr/lib64/libnss3.so
    7feff9c49000-7feff9c4b000 rw-p 0013f000 08:03 3280343                    /usr/lib64/libnss3.so
    7feff9c4b000-7feff9c4d000 rw-p 00000000 00:00 0
    7feff9c4d000-7feff9c75000 r-xp 00000000 08:03 3294973                    /usr/lib64/libsmime3.so
    7feff9c75000-7feff9e74000 ---p 00028000 08:03 3294973                    /usr/lib64/libsmime3.so
    7feff9e74000-7feff9e78000 r--p 00027000 08:03 3294973                    /usr/lib64/libsmime3.so
    7feff9e78000-7feff9e79000 rw-p 0002b000 08:03 3294973                    /usr/lib64/libsmime3.so
    7feff9e79000-7feff9ec0000 r-xp 00000000 08:03 3295961                    /usr/lib64/libssl3.so
    7feff9ec0000-7feffa0c0000 ---p 00047000 08:03 3295961                    /usr/lib64/libssl3.so
    7feffa0c0000-7feffa0c4000 r--p 00047000 08:03 3295961                    /usr/lib64/libssl3.so
    7feffa0c4000-7feffa0c5000 rw-p 0004b000 08:03 3295961                    /usr/lib64/libssl3.so
    7feffa0c5000-7feffa0c6000 rw-p 00000000 00:00 0
    7feffa0c6000-7feffa0df000 r-xp 00000000 08:03 3277138                    /usr/lib64/libsasl2.so.2.0.23
    7feffa0df000-7feffa2de000 ---p 00019000 08:03 3277138                    /usr/lib64/libsasl2.so.2.0.23
    7feffa2de000-7feffa2df000 r--p 00018000 08:03 3277138                    /usr/lib64/libsasl2.so.2.0.23
    7feffa2df000-7feffa2e0000 rw-p 00019000 08:03 3277138                    /usr/lib64/libsasl2.so.2.0.23
    7feffa2e0000-7feffa2ee000 r-xp 00000000 08:04 1570017                    /lib64/liblber-2.4.so.2.10.3
    7feffa2ee000-7feffa4ed000 ---p 0000e000 08:04 1570017                    /lib64/liblber-2.4.so.2.10.3
    7feffa4ed000-7feffa4ee000 r--p 0000d000 08:04 1570017                    /lib64/liblber-2.4.so.2.10.3
    7feffa4ee000-7feffa4ef000 rw-p 0000e000 08:04 1570017                    /lib64/liblber-2.4.so.2.10.3
    7feffa4ef000-7feffa6a9000 r-xp 00000000 08:03 3278184                    /usr/lib64/libcrypto.so.1.0.1e
    7feffa6a9000-7feffa8a9000 ---p 001ba000 08:03 3278184                    /usr/lib64/libcrypto.so.1.0.1e
    7feffa8a9000-7feffa8c4000 r--p 001ba000 08:03 3278184                    /usr/lib64/libcrypto.so.1.0.1e
    7feffa8c4000-7feffa8d0000 rw-p 001d5000 08:03 3278184                    /usr/lib64/libcrypto.so.1.0.1e
    7feffa8d0000-7feffa8d4000 rw-p 00000000 00:00 0
    7feffa8d4000-7feffa936000 r-xp 00000000 08:03 3278186                    /usr/lib64/libssl.so.1.0.1e
    7feffa936000-7feffab36000 ---p 00062000 08:03 3278186                    /usr/lib64/libssl.so.1.0.1e
    7feffab36000-7feffab3a000 r--p 00062000 08:03 3278186                    /usr/lib64/libssl.so.1.0.1e
    7feffab3a000-7feffab40000 rw-p 00066000 08:03 3278186                    /usr/lib64/libssl.so.1.0.1e
    7feffab40000-7feffab8e000 r-xp 00000000 08:04 1570019                    /lib64/libldap-2.4.so.2.10.3
    7feffab8e000-7feffad8d000 ---p 0004e000 08:04 1570019                    /lib64/libldap-2.4.so.2.10.3
    7feffad8d000-7feffad8f000 r--p 0004d000 08:04 1570019                    /lib64/libldap-2.4.so.2.10.3
    7feffad8f000-7feffad91000 rw-p 0004f000 08:04 1570019                    /lib64/libldap-2.4.so.2.10.3
    7feffad91000-7feffadb8000 r-xp 00000000 08:03 3278202                    /usr/lib64/libssh2.so.1.0.1
    7feffadb8000-7feffafb7000 ---p 00027000 08:03 3278202                    /usr/lib64/libssh2.so.1.0.1
    7feffafb7000-7feffafb9000 rw-p 00026000 08:03 3278202                    /usr/lib64/libssh2.so.1.0.1
    7feffafb9000-7feffafdc000 r-xp 00000000 08:04 1838148                    /opt/cpanel/nghttp2/lib/libnghttp2.so.14.13.0
    7feffafdc000-7feffb1db000 ---p 00023000 08:04 1838148                    /opt/cpanel/nghttp2/lib/libnghttp2.so.14.13.0
    7feffb1db000-7feffb1de000 rw-p 00022000 08:04 1838148                    /opt/cpanel/nghttp2/lib/libnghttp2.so.14.13.0
    7feffb1de000-7feffb476000 r-xp 00000000 08:04 1831571                    /opt/cpanel/libcurl/lib64/libcurl.so.4.5.0
    7feffb476000-7feffb675000 ---p 00298000 08:04 1831571                    /opt/cpanel/libcurl/lib64/libcurl.so.4.5.0
    7feffb675000-7feffb6a9000 rw-p 00297000 08:04 1831571                    /opt/cpanel/libcurl/lib64/libcurl.so.4.5.0
    7feffb6a9000-7feffb6ad000 rw-p 00000000 00:00 0
    7feffb6ad000-7feffb87f000 r-xp 00000000 08:04 1838290                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/curl.so
    7feffb87f000-7feffba7f000 ---p 001d2000 08:04 1838290                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/curl.so
    7feffba7f000-7feffbaa0000 rw-p 001d2000 08:04 1838290                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/curl.so
    7feffbaa0000-7feffbaa3000 rw-p 00000000 00:00 0
    7feffbaa3000-7feffbaa6000 r-xp 00000000 08:04 1834016                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ctype.so
    7feffbaa6000-7feffbca5000 ---p 00003000 08:04 1834016                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ctype.so
    7feffbca5000-7feffbca6000 rw-p 00002000 08:04 1834016                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ctype.so
    7feffbca6000-7feffbd8d000 r-xp 00000000 08:04 1838153                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ZendGuardLoader.so
    7feffbd8d000-7feffbe8c000 ---p 000e7000 08:04 1838153                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ZendGuardLoader.so
    7feffbe8c000-7feffbea9000 rw-p 000e6000 08:04 1838153                    /opt/cpanel/ea-php54/root/usr/lib64/php/modules/ZendGuardLoader.so
    7feffbea9000-7feffbead000 rw-p 00000000 00:00 0
    7feffbead000-7feffbeca000 r-xp 00000000 08:04 1569880                    /lib64/libselinux.so.1
    7feffbeca000-7feffc0c9000 ---p 0001d000 08:04 1569880                    /lib64/libselinux.so.1
    7feffc0c9000-7feffc0ca000 r--p 0001c000 08:04 1569880                    /lib64/libselinux.so.1
    7feffc0ca000-7feffc0cb000 rw-p 0001d000 08:04 1569880                    /lib64/libselinux.so.1
    7feffc0cb000-7feffc0cc000 rw-p 00000000 00:00 0
    7feffc0cc000-7feffc0ce000 r-xp 00000000 08:04 1570005                    /lib64/libkeyutils.so.1.3
    7feffc0ce000-7feffc2cd000 ---p 00002000 08:04 1570005                    /lib64/libkeyutils.so.1.3
    7feffc2cd000-7feffc2ce000 r--p 00001000 08:04 1570005                    /lib64/libkeyutils.so.1.3
    7feffc2ce000-7feffc2cf000 rw-p 00002000 08:04 1570005                    /lib64/libkeyutils.so.1.3
    7feffc2cf000-7feffc2d9000 r-xp 00000000 08:04 1570015                    /lib64/libkrb5support.so.0.1
    7feffc2d9000-7feffc4d8000 ---p 0000a000 08:04 1570015                    /lib64/libkrb5support.so.0.1
    7feffc4d8000-7feffc4d9000 r--p 00009000 08:04 1570015                    /lib64/libkrb5support.so.0.1
    7feffc4d9000-7feffc4da000 rw-p 0000a000 08:04 1570015                    /lib64/libkrb5support.so.0.1
    7feffc4da000-7feffc4f1000 r-xp 00000000 08:04 1569830                    /lib64/[URL='http://libpthread-2.12.so/']libpthread-2.12.so[/URL]
    7feffc4f1000-7feffc6f1000 ---p 00017000 08:04 1569830                    /lib64/[URL='http://libpthread-2.12.so/']libpthread-2.12.so[/URL]
    7feffc6f1000-7feffc6f2000 r--p 00017000 08:04 1569830                    /lib64/[URL='http://libpthread-2.12.so/']libpthread-2.12.so[/URL]
    7feffc6f2000-7feffc6f3000 rw-p 00018000 08:04 1569830                    /lib64/[URL='http://libpthread-2.12.so/']libpthread-2.12.so[/URL]
    7feffc6f3000-7feffc6f7000 rw-p 00000000 00:00 0
    7feffc6f7000-7feffc70d000 r-xp 00000000 08:04 1569813                    /lib64/libgcc_s-4.4.7-20120601.so.1
    7feffc70d000-7feffc90c000 ---p 00016000 08:04 1569813                    /lib64/libgcc_s-4.4.7-20120601.so.1
    7feffc90c000-7feffc90d000 rw-p 00015000 08:04 1569813                    /lib64/libgcc_s-4.4.7-20120601.so.1
    7feffc90d000-7feffc92a000 r-xp 00000000 08:04 1569850                    /lib64/libtinfo.so.5.7
    7feffc92a000-7feffcb29000 ---p 0001d000 08:04 1569850                    /lib64/libtinfo.so.5.7
    7feffcb29000-7feffcb2d000 rw-p 0001c000 08:04 1569850                    /lib64/libtinfo.so.5.7
    7feffcb2d000-7feffcb2e000 rw-p 00000000 00:00 0
    7feffcb2e000-7feffcb30000 r-xp 00000000 08:04 1569798                    /lib64/libfreebl3.so
    7feffcb30000-7feffcd2f000 ---p 00002000 08:04 1569798                    /lib64/libfreebl3.so
    7feffcd2f000-7feffcd30000 r--p 00001000 08:04 1569798                    /lib64/libfreebl3.so
    7feffcd30000-7feffcd31000 rw-p 00002000 08:04 1569798                    /lib64/libfreebl3.so
    7feffcd31000-7feffcd47000 r-xp 00000000 08:04 1570211                    /lib64/[URL='http://libresolv-2.12.so/']libresolv-2.12.so[/URL]
    7feffcd47000-7feffcf47000 ---p 00016000 08:04 1570211                    /lib64/[URL='http://libresolv-2.12.so/']libresolv-2.12.so[/URL]
    7feffcf47000-7feffcf48000 r--p 00016000 08:04 1570211                    /lib64/[URL='http://libresolv-2.12.so/']libresolv-2.12.so[/URL]
    7feffcf48000-7feffcf49000 rw-p 00017000 08:04 1570211                    /lib64/[URL='http://libresolv-2.12.so/']libresolv-2.12.so[/URL]
    7feffcf49000-7feffcf4b000 rw-p 00000000 00:00 0
    7feffcf4b000-7feffd0d5000 r-xp 00000000 08:04 1569806                    /lib64/[URL='http://libc-2.12.so/']libc-2.12.so[/URL]
    7feffd0d5000-7feffd2d5000 ---p 0018a000 08:04 1569806                    /lib64/[URL='http://libc-2.12.so/']libc-2.12.so[/URL]
    7feffd2d5000-7feffd2d9000 r--p 0018a000 08:04 1569806                    /lib64/[URL='http://libc-2.12.so/']libc-2.12.so[/URL]
    7feffd2d9000-7feffd2db000 rw-p 0018e000 08:04 1569806                    /lib64/[URL='http://libc-2.12.so/']libc-2.12.so[/URL]
    7feffd2db000-7feffd2df000 rw-p 00000000 00:00 0
    7feffd2df000-7feffd2e2000 r-xp 00000000 08:04 1569865                    /lib64/libcom_err.so.2.1
    7feffd2e2000-7feffd4e1000 ---p 00003000 08:04 1569865                    /lib64/libcom_err.so.2.1
    7feffd4e1000-7feffd4e2000 r--p 00002000 08:04 1569865                    /lib64/libcom_err.so.2.1
    7feffd4e2000-7feffd4e3000 rw-p 00003000 08:04 1569865                    /lib64/libcom_err.so.2.1
    7feffd4e3000-7feffd50c000 r-xp 00000000 08:04 1570011                    /lib64/libk5crypto.so.3.1
    7feffd50c000-7feffd70c000 ---p 00029000 08:04 1570011                    /lib64/libk5crypto.so.3.1
    7feffd70c000-7feffd70d000 r--p 00029000 08:04 1570011                    /lib64/libk5crypto.so.3.1
    7feffd70d000-7feffd70e000 rw-p 0002a000 08:04 1570011                    /lib64/libk5crypto.so.3.1
    7feffd70e000-7feffd70f000 rw-p 00000000 00:00 0
    7feffd70f000-7feffd7eb000 r-xp 00000000 08:04 1570013                    /lib64/libkrb5.so.3.3
    7feffd7eb000-7feffd9ea000 ---p 000dc000 08:04 1570013                    /lib64/libkrb5.so.3.3
    7feffd9ea000-7feffd9f4000 r--p 000db000 08:04 1570013                    /lib64/libkrb5.so.3.3
    7feffd9f4000-7feffd9f6000 rw-p 000e5000 08:04 1570013                    /lib64/libkrb5.so.3.3
    7feffd9f6000-7feffda37000 r-xp 00000000 08:04 1570007                    /lib64/libgssapi_krb5.so.2.2
    7feffda37000-7feffdc37000 ---p 00041000 08:04 1570007                    /lib64/libgssapi_krb5.so.2.2
    7feffdc37000-7feffdc38000 r--p 00041000 08:04 1570007                    /lib64/libgssapi_krb5.so.2.2
    7feffdc38000-7feffdc3a000 rw-p 00042000 08:04 1570007                    /lib64/libgssapi_krb5.so.2.2
    7feffdc3a000-7feffdc5a000 r-xp 00000000 08:03 3277107                    /usr/lib64/liblzma.so.0.0.0
    7feffdc5a000-7feffde5a000 ---p 00020000 08:03 3277107                    /usr/lib64/liblzma.so.0.0.0
    7feffde5a000-7feffde5b000 rw-p 00020000 08:03 3277107                    /usr/lib64/liblzma.so.0.0.0
    7feffde5b000-7feffdfad000 r-xp 00000000 08:04 1831488                    /opt/cpanel/ea-libxml2/lib64/libxml2.so.2.9.7
    7feffdfad000-7feffe1ac000 ---p 00152000 08:04 1831488                    /opt/cpanel/ea-libxml2/lib64/libxml2.so.2.9.7
    7feffe1ac000-7feffe1b6000 rw-p 00151000 08:04 1831488                    /opt/cpanel/ea-libxml2/lib64/libxml2.so.2.9.7
    7feffe1b6000-7feffe1b7000 rw-p 00000000 00:00 0
    7feffe1b7000-7feffe1cd000 r-xp 00000000 08:04 1569836                    /lib64/[URL='http://libnsl-2.12.so/']libnsl-2.12.so[/URL]
    7feffe1cd000-7feffe3cc000 ---p 00016000 08:04 1569836                    /lib64/[URL='http://libnsl-2.12.so/']libnsl-2.12.so[/URL]
    7feffe3cc000-7feffe3cd000 r--p 00015000 08:04 1569836                    /lib64/[URL='http://libnsl-2.12.so/']libnsl-2.12.so[/URL]
    7feffe3cd000-7feffe3ce000 rw-p 00016000 08:04 1569836                    /lib64/[URL='http://libnsl-2.12.so/']libnsl-2.12.so[/URL]
    7feffe3ce000-7feffe3d0000 rw-p 00000000 00:00 0
    7feffe3d0000-7feffe3d2000 r-xp 00000000 08:04 1569822                    /lib64/[URL='http://libdl-2.12.so/']libdl-2.12.so[/URL]
    7feffe3d2000-7feffe5d2000 ---p 00002000 08:04 1569822                    /lib64/[URL='http://libdl-2.12.so/']libdl-2.12.so[/URL]
    7feffe5d2000-7feffe5d3000 r--p 00002000 08:04 1569822                    /lib64/[URL='http://libdl-2.12.so/']libdl-2.12.so[/URL]
    7feffe5d3000-7feffe5d4000 rw-p 00003000 08:04 1569822                    /lib64/[URL='http://libdl-2.12.so/']libdl-2.12.so[/URL]
    7feffe5d4000-7feffe657000 r-xp 00000000 08:04 1569832                    /lib64/[URL='http://libm-2.12.so/']libm-2.12.so[/URL]
    7feffe657000-7feffe856000 ---p 00083000 08:04 1569832                    /lib64/[URL='http://libm-2.12.so/']libm-2.12.so[/URL]
    7feffe856000-7feffe857000 r--p 00082000 08:04 1569832                    /lib64/[URL='http://libm-2.12.so/']libm-2.12.so[/URL]
    7feffe857000-7feffe858000 rw-p 00083000 08:04 1569832                    /lib64/[URL='http://libm-2.12.so/']libm-2.12.so[/URL]
    7feffe858000-7feffe85f000 r-xp 00000000 08:04 1570213                    /lib64/[URL='http://librt-2.12.so/']librt-2.12.so[/URL]
    7feffe85f000-7feffea5e000 ---p 00007000 08:04 1570213                    /lib64/[URL='http://librt-2.12.so/']librt-2.12.so[/URL]
    7feffea5e000-7feffea5f000 r--p 00006000 08:04 1570213                    /lib64/[URL='http://librt-2.12.so/']librt-2.12.so[/URL]
    7feffea5f000-7feffea60000 rw-p 00007000 08:04 1570213                    /lib64/[URL='http://librt-2.12.so/']librt-2.12.so[/URL]
    7feffea60000-7feffea75000 r-xp 00000000 08:04 1569858                    /lib64/libz.so.1.2.3
    7feffea75000-7feffec74000 ---p 00015000 08:04 1569858                    /lib64/libz.so.1.2.3
    7feffec74000-7feffec75000 r--p 00014000 08:04 1569858                    /lib64/libz.so.1.2.3
    7feffec75000-7feffec76000 rw-p 00015000 08:04 1569858                    /lib64/libz.so.1.2.3
    7feffec76000-7feffed5e000 r-xp 00000000 08:03 3277080                    /usr/lib64/libstdc++.so.6.0.13
    7feffed5e000-7feffef5e000 ---p 000e8000 08:03 3277080                    /usr/lib64/libstdc++.so.6.0.13
    7feffef5e000-7feffef65000 r--p 000e8000 08:03 3277080                    /usr/lib64/libstdc++.so.6.0.13
    7feffef65000-7feffef67000 rw-p 000ef000 08:03 3277080                    /usr/lib64/libstdc++.so.6.0.13
    7feffef67000-7feffef7c000 rw-p 00000000 00:00 0
    7feffef7c000-7feffef9e000 r-xp 00000000 08:04 1569846                    /lib64/libncurses.so.5.7
    7feffef9e000-7fefff19d000 ---p 00022000 08:04 1569846                    /lib64/libncurses.so.5.7
    7fefff19d000-7fefff19e000 rw-p 00021000 08:04 1569846                    /lib64/libncurses.so.5.7
    7fefff19e000-7fefff1c7000 r-xp 00000000 08:03 3277917                    /usr/lib64/libedit.so.0.0.27
    7fefff1c7000-7fefff3c7000 ---p 00029000 08:03 3277917                    /usr/lib64/libedit.so.0.0.27
    7fefff3c7000-7fefff3ca000 rw-p 00029000 08:03 3277917                    /usr/lib64/libedit.so.0.0.27
    7fefff3ca000-7fefff3cd000 rw-p 00000000 00:00 0
    7fefff3cd000-7fefff3d4000 r-xp 00000000 08:04 1569810                    /lib64/[URL='http://libcrypt-2.12.so/']libcrypt-2.12.so[/URL]
    7fefff3d4000-7fefff5d4000 ---p 00007000 08:04 1569810                    /lib64/[URL='http://libcrypt-2.12.so/']libcrypt-2.12.so[/URL]
    7fefff5d4000-7fefff5d5000 r--p 00007000 08:04 1569810                    /lib64/[URL='http://libcrypt-2.12.so/']libcrypt-2.12.so[/URL]
    7fefff5d5000-7fefff5d6000 rw-p 00008000 08:04 1569810                    /lib64/[URL='http://libcrypt-2.12.so/']libcrypt-2.12.so[/URL]
    7fefff5d6000-7fefff604000 rw-p 00000000 00:00 0
    7fefff604000-7fefff624000 r-xp 00000000 08:04 1569801                    /lib64/[URL='http://ld-2.12.so/']ld-2.12.so[/URL]
    7fefff638000-7fefff818000 rw-p 00000000 00:00 0
    7fefff823000-7fefff824000 rw-p 00000000 00:00 0
    7fefff824000-7fefff825000 r--p 00020000 08:04 1569801                    /lib64/[URL='http://ld-2.12.so/']ld-2.12.so[/URL]
    7fefff825000-7fefff826000 rw-p 00021000 08:04 1569801                    /lib64/[URL='http://ld-2.12.so/']ld-2.12.so[/URL]
    7fefff826000-7fefff827000 rw-p 00000000 00:00 0
    7ffcd5230000-7ffcd5244000 rwxp 00000000 00:00 0                          [stack]
    7ffcd5244000-7ffcd5245000 rw-p 00000000 00:00 0
    7ffcd533a000-7ffcd533b000 r-xp 00000000 00:00 0                          [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
    
    
    [code]lfd on dxds1962.example.com: Excessive resource usage: fangchan (18219 (Parent PID:15557))
    
    
    root@dxds1962.example.com
    1:00 AM (1 hour ago)
    
    to root
    
    
    
    Time:         Sat Mar 24 01:00:15 2018 -0700
    Account:      fangchan
    Resource:     Process Time
    Exceeded:     13618 > 1800 (seconds)
    Executable:   /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    Command Line: /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    PID:          18219 (Parent PID:15557)
    Killed:       No
    
    
    lfd on dxds1962.example.com: Excessive processes running under user fdcanet
    
    
    
    root@dxds1962.example.com
    1:23 AM (57 minutes ago)
    
    to root
    
    
    
    Time:          Sat Mar 24 01:23:18 2018 -0700
    Account:       fdcanet
    Process Count: 20 (Not killed)
    
    Process Information:
    
    User:fdcanet PID:12350 PPID:7739 Run Time:34(secs) Memory:285588(kb) RSS:24880(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:12911 PPID:11140 Run Time:25(secs) Memory:285584(kb) RSS:24788(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:12933 PPID:7640 Run Time:25(secs) Memory:285804(kb) RSS:24728(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13129 PPID:10624 Run Time:23(secs) Memory:285580(kb) RSS:24956(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13383 PPID:5875 Run Time:20(secs) Memory:285580(kb) RSS:24748(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13497 PPID:11329 Run Time:18(secs) Memory:285460(kb) RSS:24596(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13600 PPID:11137 Run Time:17(secs) Memory:285460(kb) RSS:24592(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13652 PPID:11361 Run Time:17(secs) Memory:285584(kb) RSS:24776(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13780 PPID:7772 Run Time:15(secs) Memory:285584(kb) RSS:24816(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13842 PPID:9791 Run Time:13(secs) Memory:285700(kb) RSS:24808(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13872 PPID:11218 Run Time:13(secs) Memory:285584(kb) RSS:24776(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13874 PPID:11216 Run Time:13(secs) Memory:285580(kb) RSS:24780(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13914 PPID:11372 Run Time:12(secs) Memory:285588(kb) RSS:24832(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13948 PPID:11222 Run Time:11(secs) Memory:285576(kb) RSS:24772(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13981 PPID:5827 Run Time:11(secs) Memory:285564(kb) RSS:24764(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13985 PPID:10637 Run Time:11(secs) Memory:285584(kb) RSS:24744(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13986 PPID:11363 Run Time:11(secs) Memory:285576(kb) RSS:24768(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:13988 PPID:2805 Run Time:11(secs) Memory:285588(kb) RSS:24820(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:14034 PPID:11048 Run Time:10(secs) Memory:285584(kb) RSS:24784(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    User:fdcanet PID:14520 PPID:3803 Run Time:4(secs) Memory:285564(kb) RSS:24768(kb) exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi cmd:/opt/cpanel/ea-php54/root/usr/bin/php-cgi
    
    What's the problem?

    What should we do to fix and stop those suspicious and excessive processes?

    Thanks for help.
     
    #1 Barry Su, Mar 24, 2018
    Last edited by a moderator: Mar 24, 2018
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    835
    Likes Received:
    302
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    php-cgi itself is not a suspicious process, just in the same way that a call to php or SQL isn't suspicious in itself..

    The php scripts that use these processes may be trying to do something that you don't particularly want to have running on your server ........ eg a php script that is sending thousands of spam messages out !

    You need to acknowledge that preventing CSF/lfd from tracking any process has consequences, as it may also prevent reporting on run-away or excessive system resources that the process is consuming.

    You already know the executable from the email you received
    Code:
    Executable:
    /opt/cpanel/ea-php54/root/usr/bin/php-cgi

    If you are satisfied that the processes you are seeing are not malicious, you can eliminate the CSF/lfd suspicious process warning for the php-cgi processes by adding the following regex to cover all your php versions to the /etc/csf/csf.pignore file
    Code:
    pexe:/opt/cpanel/ea-php*/root/usr/bin/php-cgi
    Hope this helps
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice