Page 1 of 1

Excessive resource usage and suspicious process

Posted: Thu Oct 26, 2017 9:45 am
by luistim
Hello guys,

I have your script installed in 5 domains.
But in one of the domains, I'm having several issues related with cron.php file.
Everyday, I receive thousands of emails from my server about an error with cron.php file in the tradeexpert directory of this specific account.
Here goes some of the emails that I'm receiving:
lfd on server.enigmaserver.net: Excessive resource usage: accountusername (9368 (Parent PID:9288))

Time: Thu Oct 26 05:00:20 2017 -0400 Account: accountusername Resource: Process Time Exceeded: 2265743 > 1800 (seconds) Executable: /usr/bin/php Command Line: /usr/bin/php /home/accountusername/public_html/webmasters/cron.php PID: 9368 (Parent PID:9288) Killed: No
lfd on server.enigmaserver.net: Suspicious process running under user accountusername

Time: Thu Oct 26 05:00:20 2017 -0400 PID: 9368 (Parent PID:9288) Account: accountusername Uptime: 2265743 seconds

Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php /home/accountusername/public_html/webmasters/cron.php

Network connections by the process (if any):

tcp6: 0.0.0.0:35102 -> 254.168.9.30:80 tcp6: 0.0.0.0:35103 -> 254.168.9.30:80

Files open by the process (if any):

/dev/urandom

Memory maps by the process (if any):
(line too long here...)
Any idea of what could be?

This is very annoying and is spending all my email usage resources since the server is sending thousands and thousands of this emails per day.

Thanks!

Re: Excessive resource usage and suspicious process

Posted: Wed Nov 08, 2017 8:35 am
by texpert
Hello luistim,

can you PM me login details or hit me up on ICQ so i can check it?


Best regards,
Alex

Re: Excessive resource usage and suspicious process

Posted: Mon Nov 13, 2017 10:39 am
by luistim
Thank you Alex.

I already sent you a PM.

Re: Excessive resource usage and suspicious process

Posted: Mon Dec 11, 2017 8:49 pm
by luistim
Hello Alex,

Have you seen my Private Message?

Would be great if you could help me fix this.

Thanks!