ConfigServer Community Forum

I’m getting a number of emails from CSF for “Suspicious process running under user ____” for Wordfence logs. Command Line (often faked in exploits): php-fpm: pool website_url Files open by the process (if any): /dev/null /tmp/.ZendSem.NCrsJg (deleted) /home/server/public_html/website_url/wp-content/...