
Suspicious process running under user xxxx

Discussion in 'General Discussion' started by NikRB, Aug 26, 2015.

  1. NikRB

    NikRB Registered

    Hi Guys,
    I know this might be an LFD problem but just wanted your input.
    I am getting the following error on the hour every hour and sometimes a few in the hour consistently.

    I tried deleting all the /tmp/sess_ files in root but that didn't help.
    The strange thing is the site that uses this account takes more than 1 min for TTFB. It was under 1 sec. I am not exactly sure if the issue is related but am a little lost. Any help appreciated.

    Code:
    Time:    Thu Aug 27 12:27:55 2015 +0800
    PID:     4886 (Parent PID:2213)
    Account: wanabc
    Uptime:  62 seconds
    
    
    Executable:
    
    /usr/bin/php
    
    
    Command Line (often faked in exploits):
    
    /usr/bin/php /home/wanabc/public_html/index.php
    
    
    Network connections by the process (if any):
    
    tcp: xxx.191.57.112:55395 -> 37.1.200.156:80
    
    
    Files open by the process (if any):
    
    /tmp/sess_69bb2a5c4ac42d8c0a9ef7d9513641f4
    
    
    Memory maps by the process (if any):
    
    Thank you
    Nik
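An added example, not part of the original thread and not csf/LFD code: a small parser that splits a "Suspicious process" report laid out like the one above into fields and lists what an administrator would check first. The sample report is constructed (made-up account name, documentation-range addresses), and the function names and triage notes are assumptions of this example.

```python
import re

# Constructed sample in the layout of the report above (made-up account and
# documentation-range addresses); blank lines are omitted, the parser skips them.
SAMPLE = """\
Time:    Thu Aug 27 12:27:55 2015 +0800
PID:     4886 (Parent PID:2213)
Account: exampleuser
Uptime:  62 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/exampleuser/public_html/index.php
Network connections by the process (if any):
tcp: 192.0.2.10:55395 -> 203.0.113.7:80
Files open by the process (if any):
/tmp/sess_0123456789abcdef0123456789abcdef
"""

HEADER = re.compile(r"^(Time|PID|Account|Uptime):\s*(.*)$")
SECTION = re.compile(
    r"^(Executable|Command Line|Network connections|Files open|Memory maps)\b.*:$")
CONN = re.compile(r"^(tcp6?|udp6?): (\S+):(\d+) -> (\S+):(\d+)$")


def parse_report(text):
    """Scalar header fields plus one list of lines per report section."""
    report, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header, heading = HEADER.match(line), SECTION.match(line)
        if header and section is None:
            report[header.group(1)] = header.group(2)
        elif heading:
            section = heading.group(1)
            report[section] = []
        elif section:
            report[section].append(line)
    return report


def triage(report):
    """Things to verify on the host. These are leads, not verdicts."""
    notes = []
    exe = (report.get("Executable") or [""])[0]
    cmd = (report.get("Command Line") or [""])[0]
    if exe and cmd.split()[:1] != [exe]:
        notes.append(f"command line does not start with {exe}: {cmd!r}")
    elif len(cmd.split()) > 1:
        notes.append(f"script to review: {cmd.split()[1]}")
    for line in report.get("Network connections", []):
        conn = CONN.match(line)
        if conn:
            notes.append(f"{conn.group(1)} connection to "
                         f"{conn.group(4)}:{conn.group(5)}; find the code that opens it")
    notes += [f"PHP session file held open: {p}"
              for p in report.get("Files open", []) if p.startswith("/tmp/sess_")]
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE)):
        print("-", note)
```
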
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You will find several discussions of this notification by searching the term "Suspicious process running under user" on the forums here.

    Thank you.
     