Huge load with wpt-wp-cli.php for specific users
For 2 specific users I am seeing a huge load with multiple processes as:
Even if I kill the processes, they keep coming back. Note that for both users, the wp installations repeatedly appear to get compromised. (Integrity fails)
/opt/cpanel/ea-php74/root/usr/bin/php -r require '/usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/wpt-wp-cli.php'; -d safe_mode=off -d display_errors=on -d opcache.enable_cli=off -d open_basedir= -d error_reporting=341 -d max_execution_time=60 --no-header -- --no-color --path=/home/user/public_html instance info --format=json --check-updates=true
Even if I kill the processes, they keep coming back. Note that for both users, the wp installations repeatedly appear to get compromised. (Integrity fails)
-
Hey there! Since you mentioned the users are being frequently compromised, that is almost certainly the root cause of the issue. Can you tell where specifically the compromise is happening - as in, are the same files being changed repeatedly on the account? If not, it would be best for anyone with access to the account to perform a malware scan of their local computers to ensure those are not infected as well, since keylogging tools are a common way to steal passwords. 0 -
I was not actually looking for a solution for malware here. I'll look into that. But as I see require '/usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/wpt-wp-cli.php
I assume it's related to wp-toolkit? What is wp-toolkit doing here? Auto Malware/Integrity scan? And how can I prevent it from doing that?0 -
You can't keep that from running unless it is totally removed from the system. WP Toolkit | cPanel & WHM Documentation 0
Please sign in to leave a comment.
Comments
3 comments