XF 2.2 Image Proxy question - how to find actual media from .data file?

Schweddy

Member
We just started getting suspicious process errors from lfd.


/opt/cpanel/ea-php72/root/usr/bin/php-cgi


Command Line (often faked in exploits):

/opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/xyz/public_html/proxy.php


Network connections by the process (if any):

tcp: 127.0.0.1:38126 -> 127.0.0.1:6379


Files open by the process (if any):

/home/xyz/public_html/internal_data/image_cache/310/310859-033a19547157d8557f8f4138fa570a74.data
/tmp/ZCUDu5Rs5w (deleted)



I think we can ignore these but we are also getting excessive process at the same time.

How can we find out what and where this image is for troubleshooting?
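
One way to trace the cache file in the alert back to its source image, as an added example that is not part of the original post. It assumes XenForo 2 names proxy cache files `<image_id>-<url_hash>.data` in a directory numbered floor(image_id / 1000), that `url_hash` is the MD5 of the proxied URL, and that the `xf_image_proxy` table has the columns named in the query; check all three against your own install.

```python
import hashlib
import re

# Constructed sample: the open-files part of the lfd alert quoted above.
LFD_ALERT = """\
Files open by the process (if any):

/home/xyz/public_html/internal_data/image_cache/310/310859-033a19547157d8557f8f4138fa570a74.data
/tmp/ZCUDu5Rs5w (deleted)
"""

# <bucket>/<image_id>-<32 hex chars>.data under internal_data/image_cache
CACHE_RE = re.compile(
    r"internal_data/image_cache/(\d+)/(\d+)-([0-9a-f]{32})\.data\b")

def parse_cache_paths(alert_text):
    """Return one dict per image-proxy cache file named in the alert."""
    hits = []
    for bucket, image_id, url_hash in CACHE_RE.findall(alert_text):
        image_id = int(image_id)
        hits.append({
            "image_id": image_id,
            "url_hash": url_hash,
            # Assumption: bucket directory is floor(image_id / 1000);
            # a mismatch suggests the file was not written by the proxy.
            "bucket_ok": int(bucket) == image_id // 1000,
        })
    return hits

def lookup_query(hit):
    """Parameterised lookup; table and column names are assumed."""
    sql = ("SELECT url, mime_type, file_size, fetch_date "
           "FROM xf_image_proxy WHERE image_id = %s AND url_hash = %s")
    return sql, (hit["image_id"], hit["url_hash"])

def url_matches(hit, url):
    """Assumption: url_hash is the MD5 hex digest of the proxied URL."""
    return hashlib.md5(url.encode("utf-8")).hexdigest() == hit["url_hash"]

if __name__ == "__main__":
    for hit in parse_cache_paths(LFD_ALERT):
        print(hit, *lookup_query(hit))
```

Run the returned query with your MySQL client or driver, then pass the `url` it returns to `url_matches` to confirm the row and the file on disk refer to the same image.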