Suspicious Process Running Error

MuratB

cPanel Access Level: Root Administrator
Hello everyone. I have a problem like "Suspicious Process Running" but I can't find any error logs. Most days I get several error mails like the one below. When this error occurs, I can't access my website. I need to restart php-fpm or the server to fix it at that time.

Network connection from my server to the MSSQL server

Code:
Time:    Mon Jul  8 17:27:52 2019 +0300
PID:     44679 (Parent PID:33663)
Account: MY ACCOUNT
Uptime:  274 seconds

Executable:

/opt/cpanel/ea-php73/root/usr/sbin/php-fpm

Command Line (often faked in exploits):

php-fpm: pool example_com                        

Network connections by the process (if any):

tcp: MY SERVER IP  -> MSSQL SERVER IP WHICH I CONNECTED

Files open by the process (if any):
/dev/null
/var/cpanel/php/sessions/ea-php73/ci_session3d2fb194fae16368fad59049c582c71edc2da5c0

Memory maps by the process (if any):

5627be6ed000-5627beb3e000 r-xp 00000000 fd:00 16909027                   /opt/cpanel/ea-php73/root/usr/sbin/php-fpm
5627bed3d000-5627bedc4000 r--p 00450000 fd:00 16909027                   /opt/cpanel/ea-php73/root/usr/sbin/php-fpm
5627bedc4000-5627bedc7000 rw-p 004d7000 fd:00 16909027                   /opt/cpanel/ea-php73/root/usr/sbin/php-fpm
5627bedc7000-5627bede4000 rw-p 00000000 00:00 0
5627c0747000-5627c095d000 rw-p 00000000 00:00 0                          [heap]
5627c095d000-5627c09e7000 rw-p 00000000 00:00 0                          [heap]
7faf8dc00000-7faf8f59b000 rw-p 00000000 00:00 0
7faf92000000-7faf93000000 rw-p 00000000 00:00 0
7faf931ef000-7faf931f3000 r-xp 00000000 fd:00 25216                      /usr/lib64/libuuid.so.1.3.0
7faf931f3000-7faf933f2000 ---p 00004000 fd:00 25216                      /usr/lib64/libuuid.so.1.3.0
7faf933f2000-7faf933f3000 r--p 00003000 fd:00 25216                      /usr/lib64/libuuid.so.1.3.0
7faf933f3000-7faf933f4000 rw-p 00004000 fd:00 25216                      /usr/lib64/libuuid.so.1.3.0
 


cPanelLauren

Product Owner
Staff member
This is a notification from CSF about the amount of time the process has been running. While this in some instances could be indicative of an issue, in this case it's a false alarm and can be safely ignored. The following resource might be helpful as well: Tutorial - CSF/LFD - Excessive Resource Usage - Process Time
 

cPanelLauren

This is just a notification that the php-fpm pool for that user has been active for some time; it shouldn't affect the usability of the site. When your site is inaccessible, are there errors in the Apache error log in regard to it? You can find it at /etc/apache2/logs/error_log
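
Added example (not part of the thread, and not cPanel or CSF code): a small triage check for an alert in the layout posted above, which confirms that the executable and every executable memory mapping come from expected directories before the alert is dismissed as benign. The sample alert is constructed from the one in the first post; `TRUSTED_PREFIXES` and the function name `triage` are assumptions to adapt per host.

```python
import re

# Constructed sample: abridged alert in the layout shown in the thread
# (the account name is a placeholder).
SAMPLE_ALERT = """\
Time:    Mon Jul  8 17:27:52 2019 +0300
PID:     44679 (Parent PID:33663)
Account: exampleuser
Uptime:  274 seconds

Executable:

/opt/cpanel/ea-php73/root/usr/sbin/php-fpm

Memory maps by the process (if any):

5627be6ed000-5627beb3e000 r-xp 00000000 fd:00 16909027                   /opt/cpanel/ea-php73/root/usr/sbin/php-fpm
5627c0747000-5627c095d000 rw-p 00000000 00:00 0                          [heap]
7faf931ef000-7faf931f3000 r-xp 00000000 fd:00 25216                      /usr/lib64/libuuid.so.1.3.0
"""

# Assumption: directories this host's binaries and libraries normally load from.
TRUSTED_PREFIXES = ("/opt/cpanel/", "/usr/lib64/", "/usr/lib/", "/lib64/")
# One /proc/<pid>/maps row: address range, perms, offset, device, inode, optional path.
MAP_RE = re.compile(r"^[0-9a-f]+-[0-9a-f]+ (\S{4}) \S+ \S+ \d+\s*(.*)$")

def triage(alert: str) -> list[str]:
    """Return reasons the alert deserves a closer look (empty list: none found)."""
    findings = []
    exe = re.search(r"^Executable:\s+(/\S+)", alert, re.M)
    if exe is None:
        findings.append("no executable path in alert")
    elif not exe.group(1).startswith(TRUSTED_PREFIXES):
        findings.append(f"executable outside trusted paths: {exe.group(1)}")
    for line in alert.splitlines():
        m = MAP_RE.match(line)
        if m is None:
            continue
        perms, path = m.group(1), m.group(2).strip()
        # Only executable mappings matter here; skip kernel-provided ones.
        if "x" not in perms or path in ("[vdso]", "[vsyscall]"):
            continue
        region = line.split()[0]
        if "w" in perms:
            findings.append(f"writable and executable mapping: {region}")
        elif not path:  # can be legitimate (a JIT), but worth a look
            findings.append(f"anonymous executable mapping: {region}")
        elif path.endswith("(deleted)"):
            findings.append(f"executable mapping of a deleted file: {path}")
        elif not path.startswith(TRUSTED_PREFIXES):
            findings.append(f"executable mapping outside trusted paths: {path}")
    return findings
```

An empty result supports treating the alert as the process-time notification described in the replies; any finding is a reason to inspect the process before ignoring it.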