1. S

    firewalld with lfd

    I just installed cPanel + WHM on AlmaLinux 8.8. All good. I'm now securing it. I noticed it's using FirewallD. Is that good or bad? I would like lfd to still automatically block hits from brute force password guessing. Can I still do that? Should I switch to csf? What is recommended?
  2. S

    rpcbind - lfd excessive resource email

    Could be coincidental, but lfd excessive resource email started at the same time cPanel updated to 110.0.1 today. lfd on vps2.aps123.com: Excessive resource usage: rpc (676 (Parent PID:676)) Time: Tue Apr 4 16:35:31 2023 -0600 Account: rpc Resource: Process Time Exceeded: 19867 > 1800 (seconds)...
  3. D

    SOLVED High server load unless lfd is stopped, issue only started the last few days

    Within the last few days I have been experiencing a very high server load, to the point where the only way to reboot the server is to hard reset it. Had the hosting provider look at it and they gave me suggestions about disabling wp-cron on sites and scheduling the tasks through the cpanel...
  4. P

    lfd on example.com SYSLOG Check Failed - Problem with logging.

    Hello, For the past few days I have been receiving emails with the following message: Time: Sat Feb 25 20:17:35 2023 +0100 Error: Failed to detect code [Uzu5u0Wiuq8DgDhIZ0MP7H9xUNYs] in SYSLOG_LOG [var/log/messages] SYSLOG may not be running correctly on server.example.com The issue is...
  5. G

    lfd on cpanel server: Excessive resource usage:

    Hi guys, Getting heaps of these messages. Resource: Process Time Exceeded: 63227 > 1800 (seconds) Executable: /opt/cpanel/ea-php56/root/usr/bin/php Resource: Process Time Exceeded: 149631 > 1800 (seconds) Executable: /usr/local/cpanel/3rdparty/wp-toolkit/bin/wpt-panopticon...
  6. Otávio Serra

    lfd - Suspicious process running under user nobody

    Hello, LFD is notifying me via email 3 or more times per day messages like below: Time: Thu Oct 27 08:39:14 2022 -0300 PID: 6479 (Parent PID:6059) Account: nobody Uptime: 119 seconds Executable: /usr/local/cpanel/cgi-sys/autodiscover.cgi Command Line (often faked in exploits)...
  7. G

    lfd on cpanelserver: System Integrity checking detected a modified system file

    Hi guys, Got this alert from one of the cPanel servers (I have 2) Please advise how it should be investigated.
  8. keat63

    lfd blocked too many connections

    In my logs I'm seeing Subject: lfd on my.server.co.uk: xx.xxx.xx.xxx (GB/United Kingdom/xx.xxx.xx.xxx.dsl.in-addr.zen.co.uk) blocked with too many connections I know exactly what this is, it's a database sync between our internal server and web server. My IP is whitelisted in CSF. Any ideas...
  9. eventtex

    LFD - Suspicious process running under user postgres

    Hello, I come to you because I received several notification emails from my VPS server entitled: LFD - Suspicious process running under user postgres Here is the content of the email I wanted to have your opinion on this subject to know if I should take this alert into account or not? Is...
  10. J

    lfd on server.com: Suspicious process running under user username

    Hello, I was wondering if anyone could help me with this. We keep receiving messages like this and I am concerned that something is wrong and if not, how can I stop the notifications? Many thanks Time: Mon May 2 10:04:43 2022 -0400 PID: 2072066 (Parent PID:1951773) Account...
  11. D

    lfd Suspicious process running under user nobody

    My WHM version: 100.0.7 apache+nginx+npm+php-fpm I am getting hundreds of alert emails from ConfigServer Security & Firewall - csf v14.15 as follows Time: Thu Jan 27 20:29:02 2022 +0530 PID: 2656 (Parent PID:31208) Account: nobody Uptime: 92 seconds Executable: /usr/sbin/nginx...
  12. leonep

    LFD wp-toolkit whitelist commands in /var/log/secure

    Hi, I have a lot of lines in /var/log/secure about wptoolkit commands, like this: /var/log/secure: Dec 9 07:00:00 server sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=myuser ; COMMAND=/bin/cagefs_enter stat -c %a...
  13. K

    LFD Alerts

    Hello, How can I disable this email notification `lfd on xxxxxxxxxxxxxxxxxxxxx: WHM/cPanel root access alert from IP xxxxxx` whenever I switch tabs? I want to receive this email only when I/someone is logging in to the WHM interface. If I switch browser tab, and if I click some other menu item...
  14. BlueSteam

    LFD Alerts from CSF about php-fpm Excessive resource usage for Virtual Memory Size

    Hi All, I am aware that the following alert is coming from CSF about the php-fpm pool: The server is a brand new installation of cPanel and this is the first account that has been loaded on to the server. All configs are default for cPanel and PHP as well as CSF. Is this really actually...
  15. C

    How to set "From" email for the server for CSF/LFD alerts?

    Hello, CSF/LFD alerts are not being forwarded to my email which I've set on Home »Server Contacts »Edit System Mail Preferences. Where to set the From email in the WHM? Return-path: <root@ns1234> Received: from root by ns1234 with local (Exim 4.94.2) (envelope-from <root@ ns1234>) id...
  16. V

    cPanel server going down frequently

    Hello folks, I have cPanel hosted on a CentOS 7 server, and it's going down frequently. I'm getting some emails that Clamd, LFD, Spamd are failing. Please refer to the attached screenshots. Thanks
  17. R

    WHM access not by me

    Hello, today lfd notified me of a new WHM/cPanel root access to my VPS by an IP from Romania (it's not mine). When I saw the email, I logged immediately into WHM and I blocked that IP. I also changed my root password. Apparently it seems that everything works fine. My VPS has CSF installed and...
  18. G

    LFD keeps failing, now I see that /usr/sbin/csf and lfd have been modified

    For the last couple of days I've been getting a TON of emails that lfd has failed. I had a cracker upload a backdoor script on 10/7/20 that I thought was fixed, but maybe I was wrong. I'm running WHM / cPanel v.86.0.29 because I'm still using MySQL 5.5, and no one responded on whether there is...
  19. R

    Using Imunify360, but see this message "CSF is installed, but LFD is not running"

    I have Imunify360 installed and CSF/LFD seem to be uninstalled. I see this message "CSF is installed, but LFD is not running" in the Security Advisor output. I realize the notice is not accurate and can be safely ignored (I double check for CSF/LFD via SSH, not installed). Anything I can...
  20. inteldigital

    LFD LiteSpeed notification: Suspicious process running under user nobody

    Hi I am having this annoying issue with LFD flagging LiteSpeed as running under nobody and using excessive resources etc. I've tried adding it to ignore list in WHM using the following regex but it isn't taking. Does anybody have any other suggestions? pexe:^/usr/local/lsws/bin/lshttpd.*$