lfd on srv1.domain.net: Suspicious process running under user nobody

March 29, 2023 The Geek Decoder No Comments Unkategorisiert

The cPanel server has bene installed and NGINX is installed and started. Soon, the suspicious process notifications comes from CSF/LFD. 

...Executable:

/usr/sbin/nginx


Command Line (often faked in exploits):

nginx: worker process
...

So, the process needs to be whitelisted. Lets edit the following:

nano /etc/csf/csf.pignore

Add the following:

exe:/usr/sbin/nginx

Restart CDF/LDF

csf -r

We can also add this in cPanel at “Home” > “Plugins” : ConfigServer Security and Firewall

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.