Suspicious Process - lfd

redmondsau
Junior Member
Posts: 1
Joined: 11 Mar 2019, 01:02


I am continually getting emails warning of Suspicious Process running under user ....

Executable(s):
/opt/cpanel/ea-php72/root/usr/sbin/php-fpm (most common)
/opt/cpanel/ea-php72/root/usr/bin/php.cagefs

Command Line(s):
php-fpm: pool bitsmart_biz (most common)
php-fpm: pool nutraceuticals_net_au
/opt/cpanel/ea-php72/root/usr/bin/php -c /home/cafecoma/public_html/support/php.ini -q /home/cafecoma/whmcs/crons/cron.php

It seems to be generated by virtually all of the accounts at some point or other. There are only about 12 accounts on the server and only one has any traffic to mention.

I did look at the page
https://support.configserver.com/en/kno ... d-with-lfd.

On occasion I have also managed to identify high CPU usage from lfd displayed on WHM Load Averages (I know it is dubious). I have rarely checked TOP and did not see high usage at all when I checked.

I do not seem to have the file /etc/syslog.conf

I checked /var/log/lfd/log and saw no reference to throttling.

While watching top and clicking on a link on a website, CPU jumped to 80+%. Culprit was php-fpm pool.

Basically any page load on any website seems to result in php-fpm: pool domain_name_com using very high CPU.

The main reason I am investigating is that I feel the server is well spec'ed but I am still not happy with the responsiveness of sites on the server, especially first page load.

Thanks for any assistance or advice you can offer.