lfd on srv1.domain.net: Suspicious process running under user nobody

The cPanel server has been installed, and NGINX is installed and started. Soon afterwards, suspicious process notifications start arriving from CSF/LFD.

...Executable:

/usr/sbin/nginx


Command Line (often faked in exploits):

nginx: worker process
...

So, the process needs to be whitelisted. Let's edit the following:

nano /etc/csf/csf.pignore

Add the following:

exe:/usr/sbin/nginx

Restart CSF/LFD

csf -r

We can also add this in cPanel at “Home” > “Plugins” : ConfigServer Security and Firewall
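
The edit step above as a script, for hosts managed without an interactive editor. This is an added example, not part of the original post or of CSF; the helper name pignore_add_exe is hypothetical. It only writes an exe: rule for a binary that actually exists, so the rule matches the executable path rather than the command line that the notification itself warns is often faked.

```shell
#!/bin/sh
# Added example: idempotently add an "exe:" rule to a csf.pignore-style file.
# pignore_add_exe is a hypothetical helper, not a CSF command.
# Usage: pignore_add_exe /etc/csf/csf.pignore /usr/sbin/nginx

pignore_add_exe() {
    pignore=$1   # ignore file to edit
    exe=$2       # full path of the binary to whitelist

    # Require an absolute path so the rule names exactly one binary.
    case $exe in
        /*) ;;
        *) echo "refusing: not an absolute path: $exe" >&2; return 2 ;;
    esac
    # Reject whitespace, wildcards and anything else outside a plain path.
    case $exe in
        *[!A-Za-z0-9/._+-]*) echo "refusing: unsafe characters: $exe" >&2; return 2 ;;
    esac

    # The binary must exist and be executable; a typo would add a dead rule.
    if [ ! -f "$exe" ] || [ ! -x "$exe" ]; then
        echo "refusing: no such executable: $exe" >&2
        return 3
    fi

    # Nothing to do if the exact rule is already present.
    if grep -qxF -- "exe:$exe" "$pignore" 2>/dev/null; then
        return 0
    fi

    if [ -f "$pignore" ]; then
        # Keep a copy of the previous file for rollback.
        cp -p "$pignore" "$pignore.bak"
        # If the last line has no newline, add one so the rules do not merge.
        if [ -s "$pignore" ] && [ -n "$(tail -c 1 "$pignore")" ]; then
            printf '\n' >> "$pignore"
        fi
    fi
    printf 'exe:%s\n' "$exe" >> "$pignore"
}
```
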
