Hi,
I'm getting suspicious alerts for webalizer process like this for all users. I couldn't find anything suspicious.
USER 917236 0.0 0.0 272464 7172 ? SNs 06:38 0:00 /usr/local/cpanel/3rdparty/webalizer/bin/english -N 10 -D /home/USER/tmp/webalizer/dns_cache.db -R 250 -p -n DOMAIN.com -o /home/USER/tmp/webalizer /etc/apache2/logs/domlogs/DOMAIN.com.bkup
I have noticed that webalizer binary path has changed and it is different from the one mentioned in csf.pignore. Binary file set in csf.pignore is /usr/local/cpanel/3rdparty/bin/english/webalizer which doesn't exist.
If binary path can be added to /usr/local/cpanel/3rdparty/webalizer/bin/english in csf.pignore in future releases, it would be helpful to avoid false alerts.
This is my first post and if it is in the wrong section, kindly move it to the right one.
Thank you