whmcs domainsync being blocked as suspicious process
Posted: 17 Aug 2014, 21:06
Hi,
i have been trying to get my domainsync.php file from whmcs (this syncs the domains with the registrar) to fire properly for a few days now via cron.
Im on a new VPS. All my other crons for whmcs work fine now. But the domainsync is getting blocked by csf as a suspicious process.
this is what the email reads.
i had priviously moved my domainsync and config up above the public_html to secure it however when it stopped working (after the move ) i moved it back down to its original location in the crons dir to get it working.. i did change the config to read
and i also added the following to my configserver firewall (csf) to the csf.pignore as ignore processes
i added them all at once to try to cover every possible way to see it if worked and then i would emilimate the ones that didnt work. But this has been uncessfull,
right now here is what i have in the pignore for exceptions.
exe:/home/xxxxxx/public_html/xxxxxx/xxx/domainsync.php
/home/xxxxxx/public_html/xxxxxx/xxx/domainsync.php
cmd:/home/xxxxxx/public_html/xxxxxx/xxx/domainsync.php
exe:/usr/bin/php
user:myusername
i have not yet tried the full command as im not sure it will help
php -q /home/xxxxxx/public_html/whmcs_dir/xxxxxx/domainsync.php
so not im at the end of my troubleshooting and im not sure what to do next. crons is 755 and domainsync and config are both 644
any ideas what might be the issue here.
im lost now...
thanks
i have been trying to get my domainsync.php file from whmcs (this syncs the domains with the registrar) to fire properly for a few days now via cron.
Im on a new VPS. All my other crons for whmcs work fine now. But the domainsync is getting blocked by csf as a suspicious process.
this is what the email reads.
Time: Sun Aug 17 12:51:48 2014 -0600
PID: 7446 (Parent PID:7445)
Account: xxxxxxxx
Uptime: 106 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
php -q /home/xxxxxxxx/public_html/xxxxx/xxx/domainsync.php
Network connections by the process (if any):
tcp: 108.170.3.19:xxxxx -> xxx.xx.xx.xxx:55443
-------------------------------------------------------------------
that tcp 108......... is my shared ip.
i had priviously moved my domainsync and config up above the public_html to secure it however when it stopped working (after the move ) i moved it back down to its original location in the crons dir to get it working.. i did change the config to read
Code: Select all
# Enter path to root WHMCS directory (relative or full)
//$whmcspath = "/home/xxxxxx/public_html/xxxxxx/";
$whmcspath = '../';
i added them all at once to try to cover every possible way to see it if worked and then i would emilimate the ones that didnt work. But this has been uncessfull,
right now here is what i have in the pignore for exceptions.
exe:/home/xxxxxx/public_html/xxxxxx/xxx/domainsync.php
/home/xxxxxx/public_html/xxxxxx/xxx/domainsync.php
cmd:/home/xxxxxx/public_html/xxxxxx/xxx/domainsync.php
exe:/usr/bin/php
user:myusername
i have not yet tried the full command as im not sure it will help
php -q /home/xxxxxx/public_html/whmcs_dir/xxxxxx/domainsync.php
so not im at the end of my troubleshooting and im not sure what to do next. crons is 755 and domainsync and config are both 644
any ideas what might be the issue here.
im lost now...
thanks