
Suspicious Process WordPress

Posted: 15 Mar 2016, 08:31
by conecta6
Hi, we are getting this alert from all our WordPress installs. WP is updated and free of malware. Why is this? How can I stop it?

Time: Tue Mar 15 03:43:12 2016 +0100
PID: 17679 (Parent PID:16937)
Account: val2bornedo
Uptime: 69 seconds


Executable:

/usr/bin/php


Command Line (often faked in exploits):

/usr/bin/php /home/val2bornedo/public_html/wp-admin/admin-ajax.php


Network connections by the process (if any):

tcp: 136.243.83.24:46068 -> 136.243.83.24:80


Files open by the process (if any):

/var/cpanel/locale/en.cdb

Re: Suspicious Process WordPress

Posted: 23 Mar 2016, 18:25
by ColumbusGEEK
It's the WP API. Hundreds of posts and different solutions abound on the internet. Try a few and see which fit your needs.
I still struggle with it a bit myself.

https://www.google.com/#q=%2Fwp-admin%2Fadmin-ajax.php

Re: Suspicious Process WordPress

Posted: 23 Mar 2016, 21:08
by nootkan
You could add
cmd: /usr/bin/php /home/val2bornedo/public_html/wp-admin/admin-ajax.php
to the csf.pignore, Process Tracking if all you want to do is ignore the messages.

Re: Suspicious Process WordPress

Posted: 23 Mar 2016, 23:10
by ColumbusGEEK
I wouldn't ignore it unless you have a beefy machine that can handle loads of crap requests like this.
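
An added example, not part of the thread and not code from csf/lfd: since the alert itself warns that the command line is "often faked", this parses the alert posted above and runs the consistency checks worth doing before any csf.pignore entry is added. The function names and the three checks are assumptions of this example; the sample is the alert from the first post with blank lines removed.

```python
import re

# Alert body from the first post (blank lines removed), embedded so this runs offline.
SAMPLE_ALERT = """\
Time: Tue Mar 15 03:43:12 2016 +0100
PID: 17679 (Parent PID:16937)
Account: val2bornedo
Uptime: 69 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/val2bornedo/public_html/wp-admin/admin-ajax.php
Network connections by the process (if any):
tcp: 136.243.83.24:46068 -> 136.243.83.24:80
Files open by the process (if any):
/var/cpanel/locale/en.cdb
"""

def parse_alert(text):
    """Split the alert into header fields (str) and named sections (list of lines)."""
    fields, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = re.match(r"(Time|PID|Account|Uptime): (.*)", line)
        if m and section is None:
            fields[m.group(1)] = m.group(2)
        elif line.endswith(":"):            # e.g. "Command Line (often faked in exploits):"
            section = line.split(" (")[0].rstrip(":")
            fields[section] = []
        elif section:
            fields[section].append(line)
    return fields

def triage(alert):
    """Checks to review before ignoring this command line (hypothetical check names)."""
    exe = alert["Executable"][0]
    cmd = alert["Command Line"][0]
    home = "/home/%s/" % alert["Account"]
    peers = re.findall(r"([\d.]+):\d+ -> ([\d.]+):\d+",
                       "\n".join(alert["Network connections by the process"]))
    return {
        "exe_matches_cmd": cmd.split()[0] == exe,              # reported binary vs. claimed argv[0]
        "script_in_account_home": cmd.split()[-1].startswith(home),
        "no_external_peers": all(src == dst for src, dst in peers),  # server talking to itself only
    }

if __name__ == "__main__":
    for check, ok in triage(parse_alert(SAMPLE_ALERT)).items():
        print(f"{check}: {'ok' if ok else 'REVIEW'}")
```

An alert that fails any of these checks is one to investigate rather than add to the ignore file.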