Hello,
I'm been receiving this e-mail from all my web hosting accounts. I have researched the web and can't find a solution. I'm aware of being able add this script to the ignore file. However, I'd like to make sure this is not a problem and hopefully find the cause.
Thank you for your help!
I'm using the stable version of cPanel with Cloud Linux.
Email Subject: lfd on server-domain-name: Suspicious process running under user <username>
Time: Mon Sep 22 00:08:03 2014 +0000
PID: 533391 (Parent PID:528622)
Account: <username>
Uptime: 73 seconds
Executable:
/usr/selector/php
Command Line (often faked in exploits):
/usr/bin/php /home/<username>/public_html/wp-admin/admin-ajax.php
Network connections by the process (if any):
tcp: 10.0.0.186:37272 -> <server_ip>:80
Files open by the process (if any):
(deleted)/tmp/session_mm_cgi-fcgi513.sem
Memory maps by the process (if any):
00400000-00d8c000 r-xp 00000000 ca:50 1377367 /usr/selector/php
00f8b000-01052000 rw-p 0098b000 ca:50 1377367 /usr/selector/php
01052000-01076000 rw-p 00000000 00:00 0
012bd000-03779000 rw-p 00000000 00:00 0 [heap]
7f6280000000-7f6280021000 rw-p 00000000 00:00 0
7f6280021000-7f6284000000 ---p 00000000 00:00 0
7f6286002000-7f6286443000 rw-p 00000000 00:00 0
[vsyscall]
wp-admin/admin-ajax.php causing Suspicious process running
-
cdenterprises
- Junior Member
- Posts: 3
- Joined: 22 Sep 2014, 02:31
wp-admin/admin-ajax.php causing Suspicious process running
Last edited by cdenterprises on 06 Oct 2014, 20:25, edited 1 time in total.
Re: wp-admin/admin-ajax.php causing Suspicious process runni
Have you tried to add the following line in csf.pignore?
exe:/usr/selector/php
exe:/usr/selector/php
-
cdenterprises
- Junior Member
- Posts: 3
- Joined: 22 Sep 2014, 02:31
Re: wp-admin/admin-ajax.php causing Suspicious process runni
Like I said in my original post. I do not want to do this as this would not be the correct way of handling the issue. If the script does pose a problem in the future where it's running for 2 minutes plus, I need to know about it.
Is there away give more allowance on the amount of time that the script can run for before it triggers the email?
Thank you for any help!
Is there away give more allowance on the amount of time that the script can run for before it triggers the email?
Thank you for any help!
-
cdenterprises
- Junior Member
- Posts: 3
- Joined: 22 Sep 2014, 02:31
Re: wp-admin/admin-ajax.php causing Suspicious process runni
FYI: I found the solution.
The correct way to fix this problem is to view the CSF configuration file.
The setting: PT_Limit. Increase this to a higher level that is acceptable for your server.
In the email I received it stated.
Time: Mon Sep 22 00:08:03 2014 +0000
PID: 533391 (Parent PID:528622)
Account: <username>
Uptime: 73 seconds
The uptime is what you want to increase the PT_Limit too. I increased the uptime to 75 seconds. Anything above 75 seconds I receive an email alert. This way I can verify that my clients website is not under attack or verify that a bad script is not running.
Hope this helps.
The correct way to fix this problem is to view the CSF configuration file.
The setting: PT_Limit. Increase this to a higher level that is acceptable for your server.
In the email I received it stated.
Time: Mon Sep 22 00:08:03 2014 +0000
PID: 533391 (Parent PID:528622)
Account: <username>
Uptime: 73 seconds
The uptime is what you want to increase the PT_Limit too. I increased the uptime to 75 seconds. Anything above 75 seconds I receive an email alert. This way I can verify that my clients website is not under attack or verify that a bad script is not running.
Hope this helps.