Replies: 0
Hello WordFence
A week ago I installed CSF on my VPS and I turned on LFD.
Since then I’ve had over 1200 emails from LFD saying WordFence is a suspicious process.
Is this a false positive? It would be ironic if WordFence was infected and I find that hard to believe.
Is there some sort of conflict between WordFence and LFD or is it because WordFence sends data to its own server that’s causing the problem?
Is there a fix to this?
I posted on the CSF Forum but they never replied, so I thought I would ask you instead
I’d be grateful for any help.
Thanks.
Here is the message I’m receiving:
Time: Tue May 9 13:20:01 2017 +0100
PID: 29293 (Parent PID:27098)
Account: admin
Uptime: 81 seconds
Executable:
/opt/cpanel/ea-php56/root/usr/bin/php-cgi
Command Line (often faked in exploits):
/opt/cpanel/ea-php56/root/usr/bin/php-cgi
Network connections by the process (if any):
tcp: 123.123.123.123:38428 -> 123.123.123.123:80
Files open by the process (if any):
/var/log/apache2/error_log
/tmp/.ZendSem.80xPEq (deleted)
/dev/urandom
/home/admin/public_html/wp-content/wflogs/ips.php
/home/admin/public_html/wp-content/wflogs/config.php
/home/admin/public_html/wp-content/wflogs/attack-data.php
- This topic was modified 29 minutes ago by LordLiverpool.