Knowledgebase

Portal Home > Knowledgebase > Articles Database > Problem with litespeed please help

Problem with litespeed please help

Posted by ertebat7, 09-25-2012, 11:36 AM
when i turn on litespeed i recive this emails every 3 minutes Suspicious process running under user nobody Time: Tue Sep 25 19:01:15 2012 +0330 PID: 22484 Account: nobody Uptime: 79 seconds Executable: /usr/local/lsws/bin/lshttpd.4.1.13 Command Line (often faked in exploits): litespeed (lshttpd) Network connections by the process (if any): tcp: 127.0.0.1:443 -> 0.0.0.0:0 tcp: 127.0.0.1:80 -> 0.0.0.0:0 tcp: 5.135.55.14:443 -> 0.0.0.0:0 tcp: 5.135.55.14:80 -> 0.0.0.0:0 tcp: 0.0.0.0:7080 -> 0.0.0.0:0 tcp: 5.135.55.14:80 -> 78.38.129.71:49212 tcp: 5.135.55.14:80 -> 109.72.200.161:42549 tcp: 5.135.55.14:80 -> 2.144.59.167:57643 tcp: 5.135.55.14:80 -> 188.245.47.187:15488 tcp: 5.135.55.14:80 -> 2.188.203.251:53565 tcp: 5.135.55.14:80 -> 109.72.200.161:42521 tcp: 5.135.55.14:80 -> 5.22.61.44:1406 tcp: 5.135.55.14:80 -> 151.245.173.252:57428 tcp: 5.135.55.14:80 -> 109.72.200.161:42540 tcp: 5.135.55.14:80 -> 109.72.200.161:42387 Files open by the process (if any): /dev/null /dev/null /usr/local/apache/logs/error_log /dev/urandom eventpoll:[3205817] /usr/local/lsws/logs/access.log /usr/local/apache/logs/stderr.log /usr/local/apache/domlogs/forum.interfans.ir-bytes_log /usr/local/apache/domlogs/fesghelchat.org-bytes_log /home/robochat/public_html/js/dragdrop.js /usr/local/apache/domlogs/robochat.ir-bytes_log /usr/local/apache/domlogs/demeschat.ir-bytes_log /home/robochat/public_html/styles/robochat_new/robo.css /home/bombamus/public_html/includes/preloader.js /home/mar2mak/public_html/smileys.html /home/bombamus/public_html/includes/Ajax/ please help a solution for this problem
Posted by BestServerSupport, 09-25-2012, 11:40 AM
Add the following lines to /etc/csf/csf.pignore: exe:/opt/lsws/bin/lshttpd.3.1 exe:/opt/lsws/fcgi-bin/lsphp Then restart lfd: service lfd restart
Posted by ertebat7, 09-25-2012, 11:50 AM
what is meaning this emails? Is it my server infected?
Posted by George_Fusioned, 09-25-2012, 08:44 PM
Actually in this case the paths are different exe:/usr/local/lsws/bin/lshttpd.4.1.13 exe:/usr/local/lsws/fcgi-bin/lsphp Nope, no problem at all. It's normal, check this out: http://forum.configserver.com/viewtopic.php?t=2059

Add to Favourites Print this Article

Client Navigation

Useful Pages

Support Center

About 02link

02link provides enterprise hosting and server services at an amazing price. Don't see something that suits your needs? Get a free custom quote from one of our hosting experts.