Executable:/usr/local/cpanel/3rdparty/ bin/php-cgiCommand Line (often faked in exploits):/usr/local/cpanel/3rdparty/ bin/php-cgi -c /usr/local/cpanel/3rdparty/ etc/roundcube /usr/local/cpanel/base/ 3rdparty/roundcube/index.php
Network connections by the process (if any):
tcp: 127.0.0.1:48277 -> 127.0.0.1:143
Solution
======
======
vi /etc/csf/csf.pignore
And add the below line
pcmd:/usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/roundcube /usr/local/cpanel/base/3rdparty/roundcube/index.php
Restart CSF
csf -r
Leave A Comment