Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Suspicious process running under user

Discussion in 'General Discussion' started by mamayukero, Dec 14, 2018.

  1. mamayukero

    mamayukero Registered

    Joined:
    Nov 27, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Agro Plaza, Kuningan Jakarta
    cPanel Access Level:
    Root Administrator
    Hi,

    I got an error and often this message appears.

    like this:

    Time: Fri Dec 14 11:47:11 2018 +0700
    PID: 3132 (Parent PID:4543)
    Account: ......
    Uptime: 110 seconds


    Executable:

    /opt/cpanel/ea-php70/root/usr/sbin/php-fpm


    Command Line (often faked in exploits):

    php-fpm: pool .....


    Network connections by the process (if any):

    tcp: .....


    Files open by the process (if any):

    /tmp/.ZendSem.zyMTxg (deleted)
    /dev/urandom


    Memory maps by the process (if any):
    .
    .
    .
    .
    .
    .
    7f586e408000-7f586e42d000 rw-p 00000000 00:00 0
    7f586e42d000-7f586e462000 r--s 00000000 b6:4a5b1 550428 /var/db/nscd/hosts
    7f586e462000-7f586e4e6000 rw-p 00000000 00:00 0
    7f586e4ef000-7f586e4f1000 rw-s 00000000 00:04 2095223666 /dev/zero (deleted)
    7f586e4f1000-7f586e4f2000 rw-p 00000000 00:00 0
    7f586e4f2000-7f586e4f3000 r--p 00021000 b6:4a5b1 395545 /usr/lib64/ld-2.17.so
    7f586e4f3000-7f586e4f4000 rw-p 00022000 b6:4a5b1 395545 /usr/lib64/ld-2.17.so
    7f586e4f4000-7f586e4f5000 rw-p 00000000 00:00 0
    7ffea8c64000-7ffea8c85000 rw-p 00000000 00:00 0 [stack]
    7ffea8df9000-7ffea8dfb000 r-xp 00000000 00:00 0 [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]



    Can anyone explain and help me?
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Add the following line to to your /etc/csf/csf.pignore file

    Code:
    pexe:/opt/cpanel/ea-php*/root/usr/sbin/php-fpm
    Click Change and then Restart lfd
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,459
    Likes Received:
    503
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice