We just started getting suspicious process errors from lfd.
/opt/cpanel/ea-php72/root/usr/bin/php-cgi
Command Line (often faked in exploits):
/opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/xyz/public_html/proxy.php
Network connections by the process (if any):
tcp: 127.0.0.1:38126 -> 127.0.0.1:6379
Files open by the process (if any):
/home/xyz/public_html/internal_data/image_cache/310/310859-033a19547157d8557f8f4138fa570a74.data
/tmp/ZCUDu5Rs5w (deleted)
I think we can ignore these but we are also getting excessive process at the same time.
How can we find out what and where this image is for trouble shooting?
/opt/cpanel/ea-php72/root/usr/bin/php-cgi
Command Line (often faked in exploits):
/opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/xyz/public_html/proxy.php
Network connections by the process (if any):
tcp: 127.0.0.1:38126 -> 127.0.0.1:6379
Files open by the process (if any):
/home/xyz/public_html/internal_data/image_cache/310/310859-033a19547157d8557f8f4138fa570a74.data
/tmp/ZCUDu5Rs5w (deleted)
I think we can ignore these but we are also getting excessive process at the same time.
How can we find out what and where this image is for trouble shooting?
