XF 2.2 Image Proxy question - how find actual media from .data file?


We just started getting suspicious process errors from lfd.


Command Line (often faked in exploits):

/opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/xyz/public_html/proxy.php

Network connections by the process (if any):

tcp: ->

Files open by the process (if any):

/tmp/ZCUDu5Rs5w (deleted)

I think we can ignore these but we are also getting excessive process at the same time.

How can we find out what and where this image is for trouble shooting?
Top Bottom