How to ignore PHP scripts run from Cron

Post Reply
mikelegg
Junior Member
Posts: 45
Joined: 10 Nov 2007, 03:10

How to ignore PHP scripts run from Cron

Post by mikelegg »

Hi Guys
I've been trying for a month to stop LFD warnings from legitimate PHP scripts that are run from cron, but none of the suggestions I've found are working.

I've tried ...

In /etc/csf/csf.signore
/path/to/script.php

In /etc/csf/csf.pignore
cmd:php /path/to/script.php
exe:/path/to/script.php
exe:/opt/cpanel/ea-php72/root/usr/bin/php-cgi /path/to/script.php
exe:/bin/bash -c /usr/bin/php /path/to/script.php >/dev/null 2>&1

But every day I get " Suspicious process running under user xxxx" emails.

What is the correct syntax to ignore these scripts?
consultant
Junior Member
Posts: 25
Joined: 24 Aug 2016, 04:49

Re: How to ignore PHP scripts run from Cron

Post by consultant »

Same issue. Banging my head against a wall. Did you ever figure it out?
mikelegg
Junior Member
Posts: 45
Joined: 10 Nov 2007, 03:10

Re: How to ignore PHP scripts run from Cron

Post by mikelegg »

The warnings have stopped, but it's so long ago, I don't know what finally fixed it.

I can see I have entries in /etc/csf/csf.signore

Maybe these finally worked.
mikelegg
Junior Member
Posts: 45
Joined: 10 Nov 2007, 03:10

Re: How to ignore PHP scripts run from Cron

Post by mikelegg »

They've come back again.

I've found that the path to the PHP CGI has changed, so I've updated csf.pignore to use
exe:/opt/cpanel/ea-phpnn/root/usr/bin/php-cgi /path/to/php/script.php

I'll update this thread if that works
mikelegg
Junior Member
Posts: 45
Joined: 10 Nov 2007, 03:10

Re: How to ignore PHP scripts run from Cron

Post by mikelegg »

Nope that didn't work.

Maybe I can just make a rule to delete the hundreds of emails when they arrive.
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: How to ignore PHP scripts run from Cron

Post by Sergio »

@mikelegg,
in CSF go to pignore and add the following line in there:
exe:/opt/cpanel/ea-php72/root/usr/bin/php-cgi

if you want the rule to be applied to any version of php, you can add:
pexe:/opt/cpanel/ea-php\d+/root/usr/bin/php-cgi
Post Reply