Executable:/usr/local/cpanel/3rdparty/bin/php-cgiCommand Line (often faked in exploits):/usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/roundcube /usr/local/cpanel/base/3rdparty/roundcube/index.php

Network connections by the process (if any):
tcp: 127.0.0.1:48277 -> 127.0.0.1:143

Solution
======

vi /etc/csf/csf.pignore

And add the below line

pcmd:/usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/roundcube /usr/local/cpanel/base/3rdparty/roundcube/index.php

Restart CSF

csf -r

lfd on server.com Suspicious process running under user cpanelroundcube

Leave A Comment Cancel reply

RECENT TWEETS

lfd on server.com Suspicious process running under user cpanelroundcube

Share This Information

Related Posts

Leave A Comment Cancel reply

RECENT TWEETS