Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

lfd suspicious process /usr/bin/php

Discussion in 'General Discussion' started by jyt123, Aug 27, 2016.

Tags:
  1. jyt123

    jyt123 Registered

    Joined:
    Nov 29, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    today I've got about 500 message from CSF with this warning, my question does the 60986 is actually a port, and if so how can I block all the none essential port to open connection, I have a regular server used for commercial web-email-ftp etc, so I don't need to many port, right? right now I edited the csf.pignore list so I don't have that message any longer.

    server is CENTOS 6.8 WHM 58.0.20
    Code:
    
    tcp: xxx.xxx.xxx.xxx:60986 -> 104.25.xxx.xx:80
    
    Time:    Sat Aug 27 06:16:29 2016 -0400
    PID:     32079 (Parent PID:31768)
    Account: rexxxx
    Uptime:  110 seconds
    
    
    Executable:
    
    /usr/bin/php
    
    
    Command Line (often faked in exploits):
    
    /usr/bin/php /home/rexxxx/public_html/xmlrpc.php
    
    
    Network connections by the process (if any):
    
    tcp: xxx.xxx.xxx.xxx:60986 -> 104.25.xxx.xx:80
    
    
    Files open by the process (if any):
    
    
     
    #1 jyt123, Aug 27, 2016
    Last edited by a moderator: Aug 27, 2016
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    329
    Likes Received:
    94
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    xmlrpc.php is a file often used by WordPress sites to handle remote procedure calls using XML to encode its calls.

    You can find more information here and here.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page