open connection by php-fpm to suspicious IP - lfd

ItsMattSon

Sep 5, 2016
cPanel Access Level: Root Administrator
Hi cPanel,

Similar ticket to this one here except that I'm actually interested in the open connections portion, not how to silence them.

Also, I note that lfd is a ConfigServer technology but I'd just like to know that the open connection isn't related to cPanel/WHM update cron or something so I can rule that out.

Can anybody tell me why php-fpm might be trying to reach that IP?
(I believe it's an Akamai CDN, but I can't work out what it needs from there? Or what's initiating the connection? Does cPanel use it?)

Code:
Executable:
/opt/cpanel/ea-php71/root/usr/sbin/php-fpm

Command Line (often faked in exploits):
php-fpm: pool sitename_com_au                  

Network connections by the process (if any):
tcp: SERVERIP:PORT -> 23.205.198.84:443

Files open by the process (if any):
/dev/null
/var/log/yum.log
 (deleted)/tmp/.ZendSem.CV7rNm
/dev/urandom
 (deleted)/root/tmp/tmphozgaT
 (deleted)/root/tmp/tmphozgaT
Thanks in advance.
 
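Added example (not part of the original post, and not ConfigServer or cPanel code): a Python parser for an lfd report like the one quoted above that extracts the fields to pivot on when triaging it, namely the php-fpm pool that owns the worker, the public remote endpoints, and files that are open but already deleted. The section headers are taken from the report in the post; the function names are hypothetical, and the local address and the loopback line in the sample are constructed because the post redacts `SERVERIP:PORT`.

```python
import ipaddress
import re

# Constructed sample: the report body from the post, with the redacted
# SERVERIP:PORT replaced by a documentation address and one loopback
# connection added to show filtering.
SAMPLE = """Executable:
/opt/cpanel/ea-php71/root/usr/sbin/php-fpm
Command Line (often faked in exploits):
php-fpm: pool sitename_com_au
Network connections by the process (if any):
tcp: 192.0.2.10:51514 -> 23.205.198.84:443
tcp: 127.0.0.1:40000 -> 127.0.0.1:3306
Files open by the process (if any):
/dev/null
/var/log/yum.log
 (deleted)/tmp/.ZendSem.CV7rNm
 (deleted)/root/tmp/tmphozgaT
 (deleted)/root/tmp/tmphozgaT
"""
CONN = re.compile(r"^(\w+):\s*(\S+):(\d+)\s*->\s*(\S+):(\d+)$")

def parse_sections(text):
    """Group report lines under their header (a line ending in ':')."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":"):
            current = sections.setdefault(line, [])
        elif line and current is not None:
            current.append(line)
    return sections

def section(sections, prefix):
    """Return the lines of the first section whose header starts with prefix."""
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])

def triage(text):
    s = parse_sections(text)
    pool = re.search(r"pool\s+(\S+)", " ".join(section(s, "Command Line")))
    remotes = []
    for m in filter(None, map(CONN.match, section(s, "Network connections"))):
        try:
            public = ipaddress.ip_address(m.group(4)).is_global
        except ValueError:  # hostname or redacted placeholder
            public = False
        if public:  # skip loopback/private peers such as a local database
            remotes.append((m.group(1), m.group(4), int(m.group(5))))
    tag = "(deleted)"
    deleted = sorted({f[len(tag):].strip() for f in section(s, "Files open")
                      if f.startswith(tag)})
    return {"executable": " ".join(section(s, "Executable")),
            "pool": pool.group(1) if pool else None,
            "public_remotes": remotes, "deleted_open_files": deleted}
```

The pool name identifies which site's PHP-FPM pool the worker belongs to, so it is the starting point for correlating the connection with that site's access logs and code.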