The cPanel server has bene installed and NGINX is installed and started. Soon, the suspicious process notifications comes from CSF/LFD.

...Executable:

/usr/sbin/nginx


Command Line (often faked in exploits):

nginx: worker process
...

So, the process needs to be whitelisted. Lets edit the following:

nano /etc/csf/csf.pignore

Add the following:

exe:/usr/sbin/nginx

Restart CDF/LDF

csf -r

We can also add this in cPanel at “Home” > “Plugins” : ConfigServer Security and Firewall