If you are getting an email like this from your server:

 

lfd on your.server.com: Suspicious process running under user nobody

Executable:
/usr/local/bin/memcached

Command Line (often faked in exploits):
/usr/local/bin/memcached -u root -m 16 -p 11211 -u nobody -l 127.0.0.1

 

In this case, it’s saying that memcached is running, but could be fake.  If you know your server runs memcached, and this is a valid process, then you need to whitelist it. 

Use the following steps to whitelist.

 

  1. SSH to your server (putty or similar)
  2. Edit /etc/csf/csf.pignore in your text editor like vi or mc
  3. Add this to the bottom of the file.  exe:/usr/local/bin/memcached
  4. Once you have added the line to the file, restart CSF, and you should no longer get any email warnings about memcached.


BAEHOST

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

Error handling with cPanel

cPanel provides a section to handle the errors in a very easy way, the only thing that you have...
Webmail Roundcube no abre y muestra Oops... something went wrong!

En cPanel si el webmail Roundube no abre y muestra Oops... something went wrong! seguramente la...