
Cannot understand lfd error message from system

Posted: 29 May 2014, 16:39
by david5372
Can anyone explain exactly what situations cause this message? Has the CRON process been killed or not? What should I do in response to this message? I am not familiar with Linux.

Remote server: CentOS with cPanel and WHM
Local email client: Thunderbird on Windows 8

I deleted many small parts of the message because your forum software complains that there are URLs in it when there are no URLs in it.
----
Time: Thu May 29 02:31:11 2014 -0400
PID: 17877 (Parent PID:17867)
Account: nsr
Uptime: 70 seconds


Executable:

/usr/bin/php


Command Line (often faked in exploits):

php -f /home/nsr/public_html/mon-m3maje.php


Network connections by the process (if any):

tcp: 207.58.181.226:37802 -> 162.159.250.43:80


Files open by the process (if any):



Memory maps by the process (if any):

----
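
The alert quoted above, parsed into the fields a responder would check first (added example, not part of the original thread and not code from csf/lfd). The sample text is constructed from the post with the memory maps left out, and the `tcp:` connection-line format is assumed from the single line shown there.

```python
import os
import re

# Constructed sample: the alert text from the first post, memory maps left out.
SAMPLE_ALERT = """Time: Thu May 29 02:31:11 2014 -0400
PID: 17877 (Parent PID:17867)
Account: nsr
Uptime: 70 seconds

Executable:
/usr/bin/php

Command Line (often faked in exploits):
php -f /home/nsr/public_html/mon-m3maje.php

Network connections by the process (if any):
tcp: 207.58.181.226:37802 -> 162.159.250.43:80
"""

SECTION = re.compile(r"^(Executable|Command Line|Network connections|Files open|Memory maps)\b.*:$")
CONN = re.compile(r"^(tcp|udp): (\S+):(\d+) -> (\S+):(\d+)$")

def parse_alert(text):
    """Split the alert into 'Key: value' header fields and titled sections."""
    fields, sections, current = {}, {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if (heading := SECTION.match(line)):
            current = sections.setdefault(heading.group(1), [])
        elif current is not None:
            current.append(line)          # body line of the current section
        elif ": " in line:
            fields.update([line.split(": ", 1)])
    return fields, sections

def triage(text):
    """Summarise who ran what, for how long, and which remote endpoints it talked to."""
    fields, sections = parse_alert(text)
    pid, ppid = re.match(r"(\d+) \(Parent PID:(\d+)\)", fields["PID"]).groups()
    exe = (sections.get("Executable") or [""])[0]
    argv = (sections.get("Command Line") or [""])[0].split()
    conns = [m.groups() for m in map(CONN.match, sections.get("Network connections", [])) if m]
    return {
        "account": fields["Account"], "pid": int(pid), "ppid": int(ppid),
        "uptime_s": int(fields["Uptime"].split()[0]), "exe": exe,
        # The alert warns the command line can be faked, so compare it with the executable.
        "argv0_matches_exe": bool(argv) and os.path.basename(argv[0]) == os.path.basename(exe),
        "scripts": [a for a in argv[1:] if a.startswith("/")],
        "remote": [(proto, dst, int(dport)) for proto, _, _, dst, dport in conns],
    }
```
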

Re: Cannot understand lfd error message from system

Posted: 02 Jun 2014, 10:36
by martinp
It's because you have Process tracking enabled. Check out point number eight in the csf readme.

http://configserver.com/free/csf/readme.txt

Re: Cannot understand lfd error message from system

Posted: 02 Jun 2014, 11:24
by david5372
martinp, thanks for the pointer. My guess is that my PHP tool that I run under cron sometimes hangs because the remote server is hanging while attempting to deliver the desired file. My further guess is that this happens because the Internet is so complex that sometimes it has to keep trying, instead of hitting a shorter (better) timeout than 70 seconds. If this is so, then there is just nothing that can be done about this: the cost of an occasional hang of 70 seconds and an email to me is necessary if I want to have the exploit protection offered by lfd.

Can anyone else here confirm that this analysis is correct? Thanks.