Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Suspicious process running under user

Discussion in 'General Discussion' started by mamayukero, Dec 14, 2018.

  1. mamayukero

    mamayukero Registered

    Joined:
    Nov 27, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Agro Plaza, Kuningan Jakarta
    cPanel Access Level:
    Root Administrator
    Hi,

    I got an error and often this message appears.

    like this:

    Time: Fri Dec 14 11:47:11 2018 +0700
    PID: 3132 (Parent PID:4543)
    Account: ......
    Uptime: 110 seconds


    Executable:

    /opt/cpanel/ea-php70/root/usr/sbin/php-fpm


    Command Line (often faked in exploits):

    php-fpm: pool .....


    Network connections by the process (if any):

    tcp: .....


    Files open by the process (if any):

    /tmp/.ZendSem.zyMTxg (deleted)
    /dev/urandom


    Memory maps by the process (if any):
    .
    .
    .
    .
    .
    .
    7f586e408000-7f586e42d000 rw-p 00000000 00:00 0
    7f586e42d000-7f586e462000 r--s 00000000 b6:4a5b1 550428 /var/db/nscd/hosts
    7f586e462000-7f586e4e6000 rw-p 00000000 00:00 0
    7f586e4ef000-7f586e4f1000 rw-s 00000000 00:04 2095223666 /dev/zero (deleted)
    7f586e4f1000-7f586e4f2000 rw-p 00000000 00:00 0
    7f586e4f2000-7f586e4f3000 r--p 00021000 b6:4a5b1 395545 /usr/lib64/ld-2.17.so
    7f586e4f3000-7f586e4f4000 rw-p 00022000 b6:4a5b1 395545 /usr/lib64/ld-2.17.so
    7f586e4f4000-7f586e4f5000 rw-p 00000000 00:00 0
    7ffea8c64000-7ffea8c85000 rw-p 00000000 00:00 0 [stack]
    7ffea8df9000-7ffea8dfb000 r-xp 00000000 00:00 0 [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]



    Can anyone explain and help me?
     
    #1 mamayukero, Dec 14, 2018
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Add the following line to to your /etc/csf/csf.pignore file

    Code:
    pexe:/opt/cpanel/ea-php*/root/usr/sbin/php-fpm
    Click Change and then Restart lfd
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 rpvw, Dec 14, 2018
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,459
    Likes Received:
    503
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelLauren, Dec 17, 2018
(You must log in or sign up to post here.)
Loading...
Similar Threads - Suspicious process running
  1. MuratB

    Suspicious Process Running Error

    MuratB, Jul 9, 2019, in forum: Security
    Replies:
    3
    Views:
    202
    cPanelLauren
    Jul 10, 2019 at 9:08 AM
  2. athanasiusrc

    php-fpm Suspicious process running under user

    athanasiusrc, Jul 1, 2019, in forum: Security
    Replies:
    1
    Views:
    213
    cPanelMichael
    Jul 3, 2019
  3. Stichting FreeSpeechTube

    Suspicious process running under user

    Stichting FreeSpeechTube, May 21, 2019, in forum: Security
    Replies:
    2
    Views:
    246
    Stichting FreeSpeechTube
    May 21, 2019
  4. brock41

    Suspicious process running under user mailnull

    brock41, Apr 19, 2019, in forum: E-mail Discussion
    Replies:
    4
    Views:
    432
    cPanelLauren
    Apr 22, 2019
  5. Ted Curvin

    Suspicious Process Running

    Ted Curvin, Mar 19, 2019, in forum: Security
    Replies:
    1
    Views:
    483
    Infopro
    Mar 19, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice