The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Round Cube Suspicious process

Discussion in 'General Discussion' started by atlantis21, Oct 24, 2012.

  1. atlantis21

    atlantis21 Well-Known Member

    Joined:
    Sep 18, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello everybody,
    I have this message:

    Executable:

    /usr/local/cpanel/3rdparty/bin/php-cgi


    Command Line (often faked in exploits):

    /usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/roundcube /usr/local/cpanel/base/3rdparty/roundcube/index.php

    What this means?:confused:
     
  2. CitizenK

    CitizenK Well-Known Member

    Joined:
    Jun 5, 2012
    Messages:
    64
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    On The Road
    cPanel Access Level:
    Root Administrator
    The processes you have listed above are cPanel processes and you do not need to be concerned about them.

    The binary /usr/local/cpanel/3rdparty/bin/php-cgi is cPanel's version of php that serves out roundcube, webmail, cPanel interface and WHM. This version of php that runs cPanel services is separate from the version that is run on the websites on the server. The full command that you included is the command where roundcube is being executed through cPanel's PHP.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That message came from CSF. More reading here on this sort of thing.
    ConfigServer Scripts Forum • View topic - Process Tracking and csf.pignore
     
  4. atlantis21

    atlantis21 Well-Known Member

    Joined:
    Sep 18, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Ok, So I recive e-mail with this notification, when somebody open Round Cube from cPanel (e.g Webmail).
    If this is true, why this is Suspicious process?

    Anybody who have cPanel details, may access to Webmail and open Round Cube...
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you read the details at that link? The answers you seek can be found there. In that thread and on that forum as well. CSF is not supported by cPanel. It's an great product created by ConfigServer Services and support for it, is on that forum at the link above.

    Hope that helps!
     
  6. atlantis21

    atlantis21 Well-Known Member

    Joined:
    Sep 18, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page