Skip to main content

LFD Notice of Suspicious Process

Comments

2 comments

  • rpvw
    php-cgi itself is not a suspicious process, just in the same way that a call to php or SQL isn't suspicious in itself.. The php scripts that use these processes may be trying to do something that you don't particularly want to have running on your server ........ eg a php script that is sending thousands of spam messages out ! You need to acknowledge that preventing CSF/lfd from tracking any process has consequences, as it may also prevent reporting on run-away or excessive system resources that the process is consuming. You already know the executable from the email you received Executable: /opt/cpanel/ea-php54/root/usr/bin/php-cgi
    If you are satisfied that the processes you are seeing are not malicious, you can eliminate the CSF/lfd suspicious process warning for the php-cgi processes by adding the following regex to cover all your php versions to the /etc/csf/csf.pignore file pexe:/opt/cpanel/ea-php*/root/usr/bin/php-cgi
    Hope this helps
    0
  • cPanelMichael
    Hello, The information in the previous post is correct. Also, keep in mind that CSF/LFD is a third-party application and not a direct feature of cPanel & WHM. You can find their support forums at: General Discussion (csf) - ConfigServer Community Forum Thank you.
    0

Please sign in to leave a comment.