"Suspicious Process" -- how to debug?


Post by rudolfl »

Hi all,

I am getting a lot of e-mails about a suspicious process running. I did find many threads about it, and all pretty much talk about how to silence those.
I want to fix (if possible) the underlying problem.

Those warnings generally only specify the user and PHP executable.

The network connections I am getting are:
Network connections by the process (if any):

tcp: ->
tcp: ->

(this is a connection from localhost to a memcached server running on the same localhost).

I believe the issue is most likely related to automated bots trying to access the site for the purpose of scanning or brute force.

What I would like to do is find the offending script and offending user (IP). Taking a look at the Apache log files does help to a point. I did find a few offending IPs and blocked them, but there are more.

Sites are all running WordPress.

Any pointers on how to investigate will be greatly appreciated.
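
One way to approach the correlation asked about above, as an added example that is not part of the original post: take the time of an alert e-mail and rank client IPs and PHP scripts in the Apache access log around that time. The log lines, IPs, alert time and the function name `php_hits_near` are constructed for illustration, and the Apache "combined" log format is assumed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache "combined" format: client IP, [timestamp], "METHOD target ...", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2020:00:41:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "bot"
203.0.113.7 - - [01/Sep/2020:00:41:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "bot"
198.51.100.23 - - [01/Sep/2020:00:41:05 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:00:41:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "bot"
198.51.100.23 - - [01/Sep/2020:00:41:09 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.50 - - [01/Sep/2020:02:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "bot"
"""

def parse(line):
    """Return (ip, time, method, path without query string, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed or non-combined line: skip rather than crash
    ip, ts, method, target, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, target.split("?", 1)[0], int(status)

def php_hits_near(lines, alert_time, window_minutes=5):
    """Count (ip, method, script) for direct .php requests near the alert time.

    Limitation: pretty-permalink URLs also execute PHP but do not end in
    .php, so they are not counted here.
    """
    delta = timedelta(minutes=window_minutes)
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, _status = rec
        if path.endswith(".php") and abs(when - alert_time) <= delta:
            hits[(ip, method, path)] += 1
    return hits.most_common()  # busiest (ip, method, script) first

if __name__ == "__main__":
    alert = datetime.strptime("01/Sep/2020:00:42:00 +0000", TS_FMT)  # constructed alert time
    for (ip, method, path), n in php_hits_near(SAMPLE_LOG.splitlines(), alert):
        print(f"{n:5d}  {ip:15s}  {method:4s}  {path}")
```

Run it against the access log of the virtual host whose user is named in the alert, with `alert_time` taken from the e-mail, and widen `window_minutes` if the PHP process is long-running.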
