Suspicious process running under my user

Discussion in 'Security' started by Nurs1927, Sep 24, 2017.

  1. Nurs1927

    Hello, lfd sends me a warning message related to a cPanel process.
    Does anyone know this process and can you tell me if it is a problem?

    Code:
    Time:    Sun Sep 24 08:46:17 2017 +0200
    PID:     31251 (Parent PID:30852)
    Account: myuser
    Uptime:  64 seconds
    
    Executable:
    
    /home/virtfs/myuser/opt/cpanel/ea-php70/root/usr/bin/php-cgi
    
    Command Line (often faked in exploits):
    
    /opt/cpanel/ea-php70/root/usr/bin/php-cgi
    
    Network connections by the process (if any):
    
    tcp: 94.130.70.19:37834 -> 94.130.70.19:21
    
    Files open by the process (if any):
    
    /home/virtfs/myuser/dev/urandom
    Thank you.
     
  2. fuzzylogic

    That email alert tells you that PHP running in myuser's account made a connection to 94.130.70.19 on port 21.
    Port 21 is typically for FTP connections.
    That IP is located in Ukraine.
    - Removed -

    PHP version was cPanel's EasyApache 4 PHP 7.0.

    This connection would concern me if I could not determine it to be for an appropriate reason.
    An appropriate reason may be myuser's website doing FTP backups to 94.130.70.19.
     
    #2 fuzzylogic, Sep 24, 2017
    Last edited by a moderator: Sep 24, 2017
    cPanelMichael likes this.
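
An added example, not part of any post in this thread: a Python triage helper for the alert format shown in the first post. It compares the command line with the executable path and records, for each connection, the port and whether the peer address is the same as the local address. Treating `/home/virtfs/<account>` as the jail prefix is an assumption, and `triage`, `section` and `CONN` are names chosen here.

```python
import ipaddress
import re

# Alert text copied from the first post in this thread.
ALERT = """\
Time:    Sun Sep 24 08:46:17 2017 +0200
PID:     31251 (Parent PID:30852)
Account: myuser
Uptime:  64 seconds

Executable:

/home/virtfs/myuser/opt/cpanel/ea-php70/root/usr/bin/php-cgi

Command Line (often faked in exploits):

/opt/cpanel/ea-php70/root/usr/bin/php-cgi

Network connections by the process (if any):

tcp: 94.130.70.19:37834 -> 94.130.70.19:21

Files open by the process (if any):

/home/virtfs/myuser/dev/urandom
"""

# Connection line layout as it appears in the alert above.
CONN = re.compile(r"^(tcp|udp): (\S+):(\d+) -> (\S+):(\d+)$", re.M)

def section(text, title):
    """Return the first non-empty line that follows a section heading."""
    m = re.search(rf"^{re.escape(title)}[^\n]*\n\s*(\S[^\n]*)", text, re.M)
    return m.group(1).strip() if m else ""

def triage(text):
    """Summarise the checks an admin would make on one alert."""
    account = re.search(r"^Account:\s*(\S+)", text, re.M).group(1)
    exe, cmd = section(text, "Executable"), section(text, "Command Line")
    # Assumption: a jailed account sees the system tree under this prefix,
    # so it is stripped before comparing with the reported command line.
    jail = f"/home/virtfs/{account}"
    real_exe = exe[len(jail):] if exe.startswith(jail + "/") else exe
    conns = []
    for proto, src, _sport, dst, dport in CONN.findall(text):
        local = src == dst or ipaddress.ip_address(dst).is_loopback
        conns.append({"proto": proto, "peer": dst, "port": int(dport),
                      "peer_is_local_addr": local})
    return {"account": account, "cmdline_matches_exe": cmd.split()[:1] == [real_exe],
            "connections": conns}
```

Calling `triage(ALERT)` on the alert from this thread reports a matching command line and one connection to port 21 whose peer address equals the source address.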