lfd on my.domain.com: Suspicious process running under user myusername

W

webservers

Active Member
Nov 3, 2014
33
1
6
cPanel Access Level
Root Administrator
I got this sent to my email today from my cpanel dedicated server.

I'm wondering do I need to be concerned? Do I have a trojan?

p.s. I did do an antivirus check 2 days ago and did find a virus in the mail and removed it using the cpanel antivirus. I wonder if this is related?

(p.s.s. I changed my domain name to my.domain.com and my cpanel username to myusername, and also my server ip address to m.y.i.p, for obvious privacy purposes)

Code: 
Time:    Thu Nov 20 08:21:22 2014 -0800
PID:     3330 (Parent PID:3293)
Account: myusername
Uptime:  452614 seconds


Executable:

/usr/local/cpanel/3rdparty/perl/514/bin/perl


Command Line (often faked in exploits):

spamd child


Network connections by the process (if any):

tcp: 127.0.0.1:783 -> 0.0.0.0:0
tcp: 127.0.0.1:783 -> 127.0.0.1:49672
udp: 127.0.0.1:46786 -> 127.0.0.1:53
tcp: m.y.i.p:46568 -> 208.83.137.118:2703
tcp: m.y.i.p:35518 -> 208.83.137.115:2703




Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/usr/local/cpanel/3rdparty/perl/514/bin/spamd
/dev/null


Memory maps by the process (if any):

00400000-00402000 r-xp 00000000 fd:00 45744290                           /usr/local/cpanel/3rdparty/perl/514/bin/perl
00601000-00602000 rw-p 00001000 fd:00 45744290                           /usr/local/cpanel/3rdparty/perl/514/bin/perl
01cd5000-02ed7000 rw-p 00000000 00:00 0
02ed7000-05061000 rw-p 00000000 00:00 0
05061000-05f16000 rw-p 00000000 00:00 0
3280800000-3280820000 r-xp 00000000 fd:00 39583785                       /lib64/ld-2.12.so
3280a1f000-3280a20000 r--p 0001f000 fd:00 39583785                       /lib64/ld-2.12.so
3280a20000-3280a21000 rw-p 00020000 fd:00 39583785                       /lib64/ld-2.12.so
3280a21000-3280a22000 rw-p 00000000 00:00 0
3280c00000-3280d8a000 r-xp 00000000 fd:00 39583821                       /lib64/libc-2.12.so
3280d8a000-3280f8a000 ---p 0018a000 fd:00 39583821                       /lib64/libc-2.12.so
3280f8a000-3280f8e000 r--p 0018a000 fd:00 39583821                       /lib64/libc-2.12.so
3280f8e000-3280f8f000 rw-p 0018e000 fd:00 39583821                       /lib64/libc-2.12.so
3280f8f000-3280f94000 rw-p 00000000 00:00 0
3281000000-3281017000 r-xp 00000000 fd:00 39584101                       /lib64/libpthread-2.12.so
3281017000-3281217000 ---p 00017000 fd:00 39584101                       /lib64/libpthread-2.12.so
3281217000-3281218000 r--p 00017000 fd:00 39584101                       /lib64/libpthread-2.12.so
3281218000-3281219000 rw-p 00018000 fd:00 39584101                       /lib64/libpthread-2.12.so
3281219000-328121d000 rw-p 00000000 00:00 0
3281400000-3281402000 r-xp 00000000 fd:00 39583828                       /lib64/libdl-2.12.so
3281402000-3281602000 ---p 00002000 fd:00 39583828                       /lib64/libdl-2.12.so
3281602000-3281603000 r--p 00002000 fd:00 39583828                       /lib64/libdl-2.12.so
3281603000-3281604000 rw-p 00003000 fd:00 39583828                       /lib64/libdl-2.12.so
3281800000-3281802000 r-xp 00000000 fd:00 39583858                       /lib64/libutil-2.12.so
3281802000-3281a01000 ---p 00002000 fd:00 39583858                       /lib64/libutil-2.12.so
3281a01000-3281a02000 r--p 00001000 fd:00 39583858                       /lib64/libutil-2.12.so
3281a02000-3281a03000 rw-p 00002000 fd:00 39583858                       /lib64/libutil-2.12.so
3281c00000-3281c83000 r-xp 00000000 fd:00 39586176                       /lib64/libm-2.12.so
3281c83000-3281e82000 ---p 00083000 fd:00 39586176                       /lib64/libm-2.12.so
3281e82000-3281e83000 r--p 00082000 fd:00 39586176                       /lib64/libm-2.12.so
3281e83000-3281e84000 rw-p 00083000 fd:00 39586176                       /lib64/libm-2.12.so
3282000000-3282015000 r-xp 00000000 fd:00 39583869                       /lib64/libz.so.1.2.3
3282015000-3282214000 ---p 00015000 fd:00 39583869                       /lib64/libz.so.1.2.3
3282214000-3282215000 r--p 00014000 fd:00 39583869                       /lib64/libz.so.1.2.3
3282215000-3282216000 rw-p 00015000 fd:00 39583869                       /lib64/libz.so.1.2.3
3282400000-328241d000 r-xp 00000000 fd:00 39583782                       /lib64/libselinux.so.1
328241d000-328261c000 ---p 0001d000 fd:00 39583782                       /lib64/libselinux.so.1
328261c000-328261d000 r--p 0001c000 fd:00 39583782                       /lib64/libselinux.so.1
328261d000-328261e000 rw-p 0001d000 fd:00 39583782                       /lib64/libselinux.so.1
328261e000-328261f000 rw-p 00000000 00:00 0
3282800000-3282806000 r-xp 00000000 fd:00 44565505                       /usr/lib64/libgdbm.so.2.0.0
3282806000-3282a05000 ---p 00006000 fd:00 44565505                       /usr/lib64/libgdbm.so.2.0.0
3282a05000-3282a06000 rw-p 00005000 fd:00 44565505                       /usr/lib64/libgdbm.so.2.0.0
3282c00000-3282c16000 r-xp 00000000 fd:00 39586186                       /lib64/libresolv-2.12.so
3282c16000-3282e16000 ---p 00016000 fd:00 39586186                       /lib64/libresolv-2.12.so
3282e16000-3282e17000 r--p 00016000 fd:00 39586186                       /lib64/libresolv-2.12.so
3282e17000-3282e18000 rw-p 00017000 fd:00 39586186                       /lib64/libresolv-2.12.so
3282e18000-3282e1a000 rw-p 00000000 00:00 0
3283800000-3283807000 r-xp 00000000 fd:00 39584068                       /lib64/libcrypt-2.12.so
3283807000-3283a07000 ---p 00007000 fd:00 39584068                       /lib64/libcrypt-2.12.so
3283a07000-3283a08000 r--p 00007000 fd:00 39584068                       /lib64/libcrypt-2.12.so
3283a08000-3283a09000 rw-p 00008000 fd:00 39584068                       /lib64/libcrypt-2.12.so
3283a09000-3283a37000 rw-p 00000000 00:00 0
3283c00000-3283c73000 r-xp 00000000 fd:00 39583863                       /lib64/libfreebl3.so
3283c73000-3283e72000 ---p 00073000 fd:00 39583863                       /lib64/libfreebl3.so
3283e72000-3283e74000 r--p 00072000 fd:00 39583863                       /lib64/libfreebl3.so
3283e74000-3283e75000 rw-p 00074000 fd:00 39583863                       /lib64/libfreebl3.so
3283e75000-3283e79000 rw-p 00000000 00:00 0
3284000000-3284003000 r-xp 00000000 fd:00 39586192                       /lib64/libcom_err.so.2.1
3284003000-3284202000 ---p 00003000 fd:00 39586192                       /lib64/libcom_err.so.2.1
3284202000-3284203000 r--p 00002000 fd:00 39586192                       /lib64/libcom_err.so.2.1
3284203000-3284204000 rw-p 00003000 fd:00 39586192                       /lib64/libcom_err.so.2.1
3284400000-3284402000 r-xp 00000000 fd:00 39584162                       /lib64/libkeyutils.so.1.3
3284402000-3284601000 ---p 00002000 fd:00 39584162                       /lib64/libkeyutils.so.1.3
3284601000-3284602000 r--p 00001000 fd:00 39584162                       /lib64/libkeyutils.so.1.3
3284602000-3284603000 rw-p 00002000 fd:00 39584162                       /lib64/libkeyutils.so.1.3
3284800000-32848db000 r-xp 00000000 fd:00 39586193                       /lib64/libkrb5.so.3.3
32848db000-3284ada000 ---p 000db000 fd:00 39586193                       /lib64/libkrb5.so.3.3
3284ada000-3284ae4000 r--p 000da000 fd:00 39586193                       /lib64/libkrb5.so.3.3
3284ae4000-3284ae6000 rw-p 000e4000 fd:00 39586193                       /lib64/libkrb5.so.3.3
3284c00000-3284c29000 r-xp 00000000 fd:00 39586191                       /lib64/libk5crypto.so.3.1
3284c29000-3284e29000 ---p 00029000 fd:00 39586191                       /lib64/libk5crypto.so.3.1
3284e29000-3284e2a000 r--p 00029000 fd:00 39586191                       /lib64/libk5crypto.so.3.1
3284e2a000-3284e2b000 rw-p 0002a000 fd:00 39586191                       /lib64/libk5crypto.so.3.1
3284e2b000-3284e2c000 rw-p 00000000 00:00 0
3285400000-3285441000 r-xp 00000000 fd:00 39586194                       /lib64/libgssapi_krb5.so.2.2
3285441000-3285641000 ---p 00041000 fd:00 39586194                       /lib64/libgssapi_krb5.so.2.2
3285641000-3285642000 r--p 00041000 fd:00 39586194                       /lib64/libgssapi_krb5.so.2.2
3285642000-3285644000 rw-p 00042000 fd:00 39586194                       /lib64/libgssapi_krb5.so.2.2
3285800000-3285816000 r-xp 00000000 fd:00 39586179                       /lib64/libnsl-2.12.so
3285816000-3285a15000 ---p 00016000 fd:00 39586179                       /lib64/libnsl-2.12.so
3285a15000-3285a16000 r--p 00015000 fd:00 39586179                       /lib64/libnsl-2.12.so
3285a16000-3285a17000 rw-p 00016000 fd:00 39586179                       /lib64/libnsl-2.12.so
3285a17000-3285a19000 rw-p 00000000 00:00 0
3285c00000-3285d6f000 r-xp 00000000 fd:00 39586180                       /lib64/libdb-4.7.so
3285d6f000-3285f6e000 ---p 0016f000 fd:00 39586180                       /lib64/libdb-4.7.so
3285f6e000-3285f74000 rw-p 0016e000 fd:00 39586180                       /lib64/libdb-4.7.so
3286800000-328680a000 r-xp 00000000 fd:00 39586190                       /lib64/libkrb5support.so.0.1
328680a000-3286a09000 ---p 0000a000 fd:00 39586190                       /lib64/libkrb5support.so.0.1
3286a09000-3286a0a000 r--p 00009000 fd:00 39586190                       /lib64/libkrb5support.so.0.1
3286a0a000-3286a0b000 rw-p 0000a000 fd:00 39586190                       /lib64/libkrb5support.so.0.1
3288400000-3288432000 r-xp 00000000 fd:00 39586188                       /lib64/libidn.so.11.6.1
3288432000-3288631000 ---p 00032000 fd:00 39586188                       /lib64/libidn.so.11.6.1
3288631000-3288632000 rw-p 00031000 fd:00 39586188                       /lib64/libidn.so.11.6.1
35af200000-35af3b8000 r-xp 00000000 fd:00 44566745                       /usr/lib64/libcrypto.so.1.0.1e
35af3b8000-35af5b8000 ---p 001b8000 fd:00 44566745                       /usr/lib64/libcrypto.so.1.0.1e
35af5b8000-35af5d3000 r--p 001b8000 fd:00 44566745                       /usr/lib64/libcrypto.so.1.0.1e
35af5d3000-35af5df000 rw-p 001d3000 fd:00 44566745                       /usr/lib64/libcrypto.so.1.0.1e
35af5df000-35af5e3000 rw-p 00000000 00:00 0
35af600000-35af662000 r-xp 00000000 fd:00 44566746                       /usr/lib64/libssl.so.1.0.1e
35af662000-35af861000 ---p 00062000 fd:00 44566746                       /usr/lib64/libssl.so.1.0.1e
35af861000-35af865000 r--p 00061000 fd:00 44566746                       /usr/lib64/libssl.so.1.0.1e
35af865000-35af86c000 rw-p 00065000 fd:00 44566746                       /usr/lib64/libssl.so.1.0.1e
7ff775a8b000-7ff775a90000 r-xp 00000000 fd:00 39583770                   /lib64/libnss_dns-2.12.so
7ff775a90000-7ff775c8f000 ---p 00005000 fd:00 39583770                   /lib64/libnss_dns-2.12.so
7ff775c8f000-7ff775c90000 r--p 00004000 fd:00 39583770                   /lib64/libnss_dns-2.12.so
7ff775c90000-7ff775c91000 rw-p 00005000 fd:00 39583770                   /lib64/libnss_dns-2.12.so
7ff775c91000-7ff775c97000 r-xp 00000000 fd:00 46137408                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/version/vxs/vxs.so
7ff775c97000-7ff775e96000 ---p 00006000 fd:00 46137408                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/version/vxs/vxs.so
7ff775e96000-7ff775e97000 rw-p 00005000 fd:00 46137408                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/version/vxs/vxs.so
7ff775e97000-7ff775e9d000 r-xp 00000000 fd:00 46271450                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
7ff775e9d000-7ff77609d000 ---p 00006000 fd:00 46271450                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
7ff77609d000-7ff77609e000 rw-p 00006000 fd:00 46271450                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
7ff77609e000-7ff7760a4000 r-xp 00000000 fd:00 46271347                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
7ff7760a4000-7ff7762a3000 ---p 00006000 fd:00 46271347                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
7ff7762a3000-7ff7762a4000 rw-p 00005000 fd:00 46271347                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
7ff7762a4000-7ff7762d9000 r-xp 00000000 fd:00 93                         /var/lib/spamassassin/compiled/5.014/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
7ff7762d9000-7ff7764d9000 ---p 00035000 fd:00 93                         /var/lib/spamassassin/compiled/5.014/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
7ff7764d9000-7ff7764da000 rw-p 00035000 fd:00 93                         /var/lib/spamassassin/compiled/5.014/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
7ff7764da000-7ff77651b000 rw-p 00000000 00:00 0
7ff77651b000-7ff77651e000 r-xp 00000000 fd:00 46268741                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
7ff77651e000-7ff77671d000 ---p 00003000 fd:00 46268741                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
7ff77671d000-7ff77671e000 rw-p 00002000 fd:00 46268741                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
7ff77671e000-7ff77675b000 rw-p 00000000 00:00 0
7ff77675b000-7ff77675f000 r-xp 00000000 fd:00 47841299                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7ff77675f000-7ff77695e000 ---p 00004000 fd:00 47841299                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7ff77695e000-7ff77695f000 rw-p 00003000 fd:00 47841299                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
7ff77695f000-7ff776963000 r-xp 00000000 fd:00 46139227                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
7ff776963000-7ff776b62000 ---p 00004000 fd:00 46139227                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
7ff776b62000-7ff776b63000 rw-p 00003000 fd:00 46139227                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
7ff776b63000-7ff776b6d000 r-xp 00000000 fd:00 46138226                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/DB_File/DB_File.so
7ff776b6d000-7ff776d6d000 ---p 0000a000 fd:00 46138226                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/DB_File/DB_File.so
7ff776d6d000-7ff776d6e000 rw-p 0000a000 fd:00 46138226                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/DB_File/DB_File.so
7ff776d6e000-7ff776d77000 r-xp 00000000 fd:00 46137366                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/List/Util/Util.so
7ff776d77000-7ff776f77000 ---p 00009000 fd:00 46137366                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/List/Util/Util.so
7ff776f77000-7ff776f78000 rw-p 00009000 fd:00 46137366                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/List/Util/Util.so
7ff776f99000-7ff776f9c000 r-xp 00000000 fd:00 46137981                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
7ff776f9c000-7ff77719c000 ---p 00003000 fd:00 46137981                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
7ff77719c000-7ff77719d000 rw-p 00003000 fd:00 46137981                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
7ff77719d000-7ff77719f000 r-xp 00000000 fd:00 46137380                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
7ff77719f000-7ff77739e000 ---p 00002000 fd:00 46137380                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
7ff77739e000-7ff77739f000 rw-p 00001000 fd:00 46137380                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
7ff77739f000-7ff7773a6000 r-xp 00000000 fd:00 46137466                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
7ff7773a6000-7ff7775a6000 ---p 00007000 fd:00 46137466                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
7ff7775a6000-7ff7775a7000 rw-p 00007000 fd:00 46137466                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
7ff7775a7000-7ff7775ab000 r-xp 00000000 fd:00 46402154                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/LibIDN/LibIDN.so
7ff7775ab000-7ff7777aa000 ---p 00004000 fd:00 46402154                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/LibIDN/LibIDN.so
7ff7777aa000-7ff7777ab000 rw-p 00003000 fd:00 46402154                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/LibIDN/LibIDN.so
7ff7777ab000-7ff7777b3000 r-xp 00000000 fd:00 46137540                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
7ff7777b3000-7ff7779b2000 ---p 00008000 fd:00 46137540                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
7ff7779b2000-7ff7779b3000 rw-p 00007000 fd:00 46137540                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
7ff7779b3000-7ff7779bc000 r-xp 00000000 fd:00 46137650                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA/SHA.so
7ff7779bc000-7ff777bbc000 ---p 00009000 fd:00 46137650                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA/SHA.so
7ff777bbc000-7ff777bbd000 rw-p 00009000 fd:00 46137650                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA/SHA.so
7ff777bbd000-7ff777bbf000 r-xp 00000000 fd:00 46141991                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/DNS/DNS.so
7ff777bbf000-7ff777dbe000 ---p 00002000 fd:00 46141991                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/DNS/DNS.so
7ff777dbe000-7ff777dbf000 rw-p 00001000 fd:00 46141991                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/DNS/DNS.so
7ff777dbf000-7ff777dc8000 r-xp 00000000 fd:00 46268556                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
7ff777dc8000-7ff777fc8000 ---p 00009000 fd:00 46268556                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
7ff777fc8000-7ff777fc9000 rw-p 00009000 fd:00 46268556                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
7ff777fc9000-7ff777fcd000 r-xp 00000000 fd:00 58854923                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/File/Glob/Glob.so
7ff777fcd000-7ff7781cc000 ---p 00004000 fd:00 58854923                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/File/Glob/Glob.so
7ff7781cc000-7ff7781cd000 rw-p 00003000 fd:00 58854923                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/File/Glob/Glob.so
7ff7781cd000-7ff7781d0000 r-xp 00000000 fd:00 46137455                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/MIME/Base64/Base64.so
7ff7781d0000-7ff7783cf000 ---p 00003000 fd:00 46137455                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/MIME/Base64/Base64.so
7ff7783cf000-7ff7783d0000 rw-p 00002000 fd:00 46137455                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/MIME/Base64/Base64.so
7ff7783d0000-7ff7783d4000 r-xp 00000000 fd:00 46268807                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
7ff7783d4000-7ff7785d4000 ---p 00004000 fd:00 46268807                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
7ff7785d4000-7ff7785d5000 rw-p 00004000 fd:00 46268807                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
7ff7785d5000-7ff7785dc000 r-xp 00000000 fd:00 39584107                   /lib64/librt-2.12.so
7ff7785dc000-7ff7787db000 ---p 00007000 fd:00 39584107                   /lib64/librt-2.12.so
7ff7787db000-7ff7787dc000 r--p 00006000 fd:00 39584107                   /lib64/librt-2.12.so
7ff7787dc000-7ff7787dd000 rw-p 00007000 fd:00 39584107                   /lib64/librt-2.12.so
7ff7787dd000-7ff7787e2000 r-xp 00000000 fd:00 46137460                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
7ff7787e2000-7ff7789e1000 ---p 00005000 fd:00 46137460                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
7ff7789e1000-7ff7789e2000 rw-p 00004000 fd:00 46137460                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
7ff7789e2000-7ff7789f8000 r-xp 00000000 fd:00 58854936                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/POSIX/POSIX.so
7ff7789f8000-7ff778bf7000 ---p 00016000 fd:00 58854936                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/POSIX/POSIX.so
7ff778bf7000-7ff778bfa000 rw-p 00015000 fd:00 58854936                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/POSIX/POSIX.so
7ff778bfa000-7ff778bfd000 r-xp 00000000 fd:00 58854922                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/Fcntl/Fcntl.so
7ff778bfd000-7ff778dfd000 ---p 00003000 fd:00 58854922                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/Fcntl/Fcntl.so
7ff778dfd000-7ff778dfe000 rw-p 00003000 fd:00 58854922                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/Fcntl/Fcntl.so
7ff778dfe000-7ff778e02000 r-xp 00000000 fd:00 46269697                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
7ff778e02000-7ff779001000 ---p 00004000 fd:00 46269697                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
7ff779001000-7ff779002000 rw-p 00003000 fd:00 46269697                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
7ff779002000-7ff779006000 r-xp 00000000 fd:00 46137397                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/IO/IO.so
7ff779006000-7ff779205000 ---p 00004000 fd:00 46137397                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/IO/IO.so
7ff779205000-7ff779206000 rw-p 00003000 fd:00 46137397                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/IO/IO.so
7ff779206000-7ff779212000 r-xp 00000000 fd:00 39584146                   /lib64/libnss_files-2.12.so
7ff779212000-7ff779412000 ---p 0000c000 fd:00 39584146                   /lib64/libnss_files-2.12.so
7ff779412000-7ff779413000 r--p 0000c000 fd:00 39584146                   /lib64/libnss_files-2.12.so
7ff779413000-7ff779414000 rw-p 0000d000 fd:00 39584146                   /lib64/libnss_files-2.12.so
7ff779414000-7ff77941c000 r-xp 00000000 fd:00 57280603                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket/Socket.so
7ff77941c000-7ff77961b000 ---p 00008000 fd:00 57280603                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket/Socket.so
7ff77961b000-7ff77961d000 rw-p 00007000 fd:00 57280603                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket/Socket.so
7ff77961d000-7ff779663000 r-xp 00000000 fd:00 58855121                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/re/re.so
7ff779663000-7ff779863000 ---p 00046000 fd:00 58855121                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/re/re.so
7ff779863000-7ff779864000 rw-p 00046000 fd:00 58855121                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/auto/re/re.so
7ff779864000-7ff779869000 rw-p 00000000 00:00 0
7ff779869000-7ff779995000 r-xp 00000000 fd:00 58854759                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/CORE/libperl.so
7ff779995000-7ff779b95000 ---p 0012c000 fd:00 58854759                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/CORE/libperl.so
7ff779b95000-7ff779b9e000 rw-p 0012c000 fd:00 58854759                   /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/5.14.4/x86_64-linux-64int/CORE/libperl.so
7ff779b9e000-7ff779ba0000 rw-p 00000000 00:00 0
7ff779ba9000-7ff779baa000 rw-p 00000000 00:00 0
7fff2fd61000-7fff2fd99000 rw-p 00000000 00:00 0                          [stack]
7fff2fdff000-7fff2fe00000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
 
24x7ss

24x7ss

Well-Known Member
Sep 30, 2014
272
19
68
India
cPanel Access Level
Root Administrator
Twitter
Hello,

The process is doing outbound connections and you surely would want to check on these to make sure its not an outbound attack. Try to lsof the pid and check if you get any files for account owners and check on them.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello :)

This is a common occurrence and is typically a false positive. You will find several threads on this topic by searching for "spamd lfd" on our forums or by searching for "LFD spamd site:forums.cpanel.net" on Google. Please keep in mind that LFD is developed by ConfigServer, so their forums are often a better resource.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
P lfd on example.com SYSLOG Check Failed - Problem with logging. Security 4
Otávio Serra lfd - Suspicious process running under user nobody Security 5
eventtex LFD - Suspicious process running under user postgres Security 7
L lfd on server.mydomain.com failed Security 3
J lfd on server1.mydomain.com: blocked 198.3.68.101 Security 2
Similar threads
lfd on example.com SYSLOG Check Failed - Problem with logging.
lfd - Suspicious process running under user nobody
LFD - Suspicious process running under user postgres
lfd on server.mydomain.com failed
lfd on server1.mydomain.com: blocked 198.3.68.101
Top Bottom