ConfigServer Community Forum

Posted: **13 Jul 2013, 17:24**

I get multiple copies of this email

Time: Sun Jul 14 05:12:23 2013 +0700
PID: 23073 (Parent PID:29765)
Account: apache
Uptime: 4220 seconds

Executable:

/usr/sbin/httpd

Command Line (often faked in exploits):

/usr/sbin/httpd

Network connections by the process (if any):

tcp: 0.0.0.0:80 -> 0.0.0.0:0

I have

Code: Select all

cmd:/usr/sbin/httpd
exe:usr/sbin/httpd

in csf.pignore already, and restarted lfd. Even tried to reboot the whole server and nothing change. It seems lfd just ignores that file. It's v6.22 on a CentOS 5.9 - 64bits.

Any idea please?

Thanks.

Posted: **13 Jul 2013, 18:20**

Try revising your exe line to include the first slash, so:

exe:/usr/sbin/httpd

Posted: **14 Jul 2013, 00:35**

Thanks for replying. However, it's my mistake. In fact, here are the code in csf.pignore

Code: Select all

exe:/usr/sbin/httpd
cmd:/usr/sbin/httpd
user:apache

I tried all 3 options, but still receiving multiple warnings.

Posted: **14 Jul 2013, 00:54**

Weird. Have you tried restarting apache as well to see if it makes a difference?

Posted: **14 Jul 2013, 01:02**

As I mentioned above, I even tried to restart the whole server, but after it's coming back, warnings still appear in my email. Have no clue why it's happening. I search on board and see some others have the same issue, that lfs seems ignore csf.ignore settings. Don't know where the bug is.

ConfigServer Community Forum

csf.pignore is not working

csf.pignore is not working

Re: csf.pignore is not working

Re: csf.pignore is not working

Re: csf.pignore is not working

Re: csf.pignore is not working