Tag Archives: Suspicious process

Executable:/usr/local/cpanel/3rdparty/bin/php-cgiCommand Line (often faked in exploits):/usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/roundcube /usr/local/cpanel/base/3rdparty/roundcube/index.php Network connections by the process (if any): tcp: 127.0.0.1:48277 -> 127.0.0.1:143 Solution  ======  vi /etc/csf/csf.pignore And add the below line pcmd:/usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/roundcube /usr/local/cpanel/base/3rdparty/roundcube/index.php Restart CSF  csf -r