Emails about: Suspicious process Alerts
I got emails like this 10 times a day:
I think it's connecting to a DNS server, but I dunno why it's alerting me. And what to do to stop this?
Subject: lfd on s1.mydomain.com: Suspicious process running under user myuser
Time: Thu May 1 15:48:27 2014 +0300
PID: 27705 (Parent PID:27295)
Account: myuser
Uptime: 2107 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php
Network connections by the process (if any):
udp: 146.185.xxx.xxx:58125 -> 4.2.2.2:53
Files open by the process (if any):
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error_log
Memory maps by the process (if any):
That email is from CSF: Process Tracking and csf.pignore - ConfigServer Forums
Thanks, I know it's coming from CSF, but I want to learn what process is causing this. Adding /usr/bin/php to csf.pignore is not a good idea, I think. It's connecting from udp: myserverip:randomport to 4.2.2.2:53 from different user accounts. What process is causing this? I am going to add it to csf.pignore.
You can grep with the Process ID (PID) to get more information about the process. Try this:
ps aux | grep PID
I did ps aux; the result was /usr/bin/php too. To see what files are open:
ls -l /proc/7431/fd
Result:
total 0
dr-x------ 2 kenal kenal 0 May 8 00:13 ./
dr-xr-xr-x 7 kenal kenal 0 May 8 00:12 ../
lrwx------ 1 kenal kenal 64 May 8 00:13 0 -> socket:[104920]
l-wx------ 1 kenal kenal 64 May 8 00:13 1 -> /usr/local/apache/logs/error_log
l-wx------ 1 kenal kenal 64 May 8 00:13 2 -> /usr/local/apache/logs/error_log
lr-x------ 1 kenal kenal 64 May 8 00:13 48 -> pipe:[104164]
l-wx------ 1 kenal kenal 64 May 8 00:13 53 -> pipe:[104165]
I can't find what is causing this :/
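Added example, not part of the thread: ps and the fd listing only show /usr/bin/php, so this sketch reads the other /proc entries of the flagged PID (working directory, parent PID, the request variables in environ, socket descriptors) to find the script behind it. It assumes PHP runs as CGI (for example suPHP) so that SCRIPT_FILENAME and REQUEST_URI are in the environment; triage_pid, nul_lines, build_sample_proc and the sample tree are hypothetical names and constructed values.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: collect what /proc exposes about a PID
# flagged by lfd. PROC_ROOT (2nd argument) exists only so the function can be
# run against the constructed sample tree below; on a server it stays /proc.

# Print a NUL-separated /proc file (cmdline, environ) one entry per line.
nul_lines() { [ -r "$1" ] && tr '\000' '\n' < "$1"; }

# triage_pid PID [PROC_ROOT] -> key=value lines describing the process
triage_pid() {
    local pid="$1" root="${2:-/proc}" dir fd target
    dir="$root/$pid"
    [ -d "$dir" ] || { echo "error=no such process: $pid"; return 1; }

    echo "exe=$(readlink "$dir/exe")"
    echo "cwd=$(readlink "$dir/cwd")"    # often the running script's directory
    echo "ppid=$(awk '/^PPid:/ {print $2}' "$dir/status")"
    echo "cmdline=$(nul_lines "$dir/cmdline" | paste -sd' ' -)"

    # Request variables passed by the web server (assumes PHP as CGI/suPHP)
    nul_lines "$dir/environ" |
        grep -E '^(SCRIPT_FILENAME|REQUEST_URI|HTTP_HOST|REMOTE_ADDR)=' || true

    # Descriptors that are sockets, e.g. "0 -> socket:[104920]"
    for fd in "$dir"/fd/*; do
        target=$(readlink "$fd") || continue
        case "$target" in socket:*) echo "socket_fd=${fd##*/} $target" ;; esac
    done
    return 0
}

# Constructed sample standing in for /proc/7431; paths and values are invented.
build_sample_proc() {
    local d p
    d=$(mktemp -d) || return 1
    p="$d/7431"
    mkdir -p "$p/fd"
    ln -s /usr/bin/php "$p/exe"
    ln -s /home/kenal/public_html/example "$p/cwd"
    printf 'Name:\tphp\nPPid:\t7400\n' > "$p/status"
    printf '/usr/bin/php\000' > "$p/cmdline"
    printf 'PATH=/bin\000SCRIPT_FILENAME=/home/kenal/public_html/example/job.php\000' > "$p/environ"
    printf 'REQUEST_URI=/example/job.php\000' >> "$p/environ"
    ln -s 'socket:[104920]' "$p/fd/0"
    ln -s /usr/local/apache/logs/error_log "$p/fd/1"
    echo "$d"
}

# Offline demo: ./script.sh --demo    Live use (as root): triage_pid <PID>
if [ "${1:-}" = "--demo" ]; then
    demo=$(build_sample_proc) && triage_pid 7431 "$demo"
    rm -rf "$demo"
fi
```

On the server, run it as root with only the PID while the process is still alive; once the process exits its /proc entry is gone and the function reports an error.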