This is my first time here. I joined today to discuss the many email alerts I have been receiving for a week or so.
There are 3 types of emails:
1- It is titled: lfd on *server name*: Suspicious File Alert
and contains:
File: /tmp/systemd-private-be537481d81d48b4b230533e9c529e32-ea-php81-php-fpm.service-teQo08/tmp/python3.61
Reason: Linux Binary
Owner: *website-username* (1007:1008)
Action: No action taken
and contains:
Time: Sat Dec 7 18:00:41 2024 +0400
Account: *website-username*
Resource: Process Time
Exceeded: 82570 > 3600 (seconds)
Executable: /opt/cpanel/ea-php81/root/usr/bin/php-cgi
Command Line: /opt/cpanel/ea-php81/root/usr/bin/php-cgi /tmp/phpbbOGTziw phpbb
PID: 267974 (Parent PID:267974)
Killed: No
3- It is titled: lfd on *server*: System Integrity checking detected a modified system file
and contains:
Time: Fri Dec 6 05:42:44 2024 +0400
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/sbin/httpd: FAILED
/sbin/httpd: FAILED
So what are these email alerts, and why am I getting them every few minutes?
The same website has been running on the server for more than 2 years and everything worked well; nothing has been changed as far as I know.
By the way, my server is running on AlmaLinux 9 and the latest cPanel.