Christmas Holiday

We will be closing our Store, Sales and Helpdesk from 17:30 Wednesday, 23rd December 2020 to 09:00 Monday, 4th January 2021. No orders, support requests or sales emails will be processed between those dates.

If you purchase a license or Service Package before the closing date and require installation, please be sure to leave at least 24 hours before then for the work to be done. Otherwise, any work will be scheduled for after this period.

Suspicious process running under user

Post Reply
leonep
Junior Member
Posts: 8
Joined: 15 Dec 2014, 10:30

Suspicious process running under user

Post by leonep »

what can i do ? i have changed all account passwords but somwthing continue to create this process.
This is a joomla website (updated) . I need exploit scanner?


Time: Thu Mar 31 16:03:56 2016 +0200
PID: 11550 (Parent PID:9249)
Account: archeage
Uptime: 97 seconds


Executable:

/opt/cpanel/ea-php55/root/usr/bin/php-cgi


Command Line (often faked in exploits):

/opt/cpanel/ea-php55/root/usr/bin/php-cgi /home/archeage/public_html/DePTBdwoNkmI/se0qPW54B.php


Network connections by the process (if any):

tcp: 188.165.218.157:60788 -> 195.128.125.248:80


Files open by the process (if any):



Memory maps by the process (if any):

00400000-00746000 r-xp 00000000 09:02 1144572 /opt/cpanel/ea-php55/root/usr/bin/php-cgi
00945000-009d0000 rw-p 00345000 09:02 1144572 /opt/cpanel/ea-php55/root/usr/bin/php-cgi
leonep
Junior Member
Posts: 8
Joined: 15 Dec 2014, 10:30

Re: Suspicious process running under user

Post by leonep »

i am always running this problem , someone can help me investigating? i don't know what do
i have joomla website updated , all plugin updated , i have changed all password from cpanel and from joomla users..thanks
bizzgang
Junior Member
Posts: 1
Joined: 22 Mar 2017, 15:07

Re: Suspicious process running under user

Post by bizzgang »

I have the same, here is the code from the configserver, any idea ????

EXE:/opt/cpanel/ea-php56/root/usr/bin/php-cgi CMD:/opt/cpanel/ea-php56/root/usr/bin/php-cgi
Post Reply