Hello team
I am using CSF and WP Toolkit - recently getting a lot of the following emails for one specific user.
After looking into that user, it appeared they had been hacked. The WordPress site was deleted 100% and then rebuilt from scratch with new WP installation and replaced plugins etc. After various scans and checks, the site is 100% clean now and using Cloudflare with various WAF lockdowns in place.
However, I am still getting the following email notification every hour - can you help me identify what is happening? There are multiple accounts on the server - only getting notifications for this one user.
lfd on root@example: Excessive resource usage: wp-toolkit
Time: Sun Jul 9 19:01:06
Account: wp-toolkit
Resource: Process Time
Exceeded: 178799 > 15600 (seconds)
Executable: /usr/bin/timeout
Command Line: timeout 60 /usr/local/cpanel/3rdparty/wp-toolkit//bin/wpt-panopticon -user example123 -operation run-wp-cli -work-dir /home/example123/public_html -php-max-execution-time 60 -- instance info --format=json --check-updates=true
PID: 6766 (Parent PID:6048)
Killed: No
I am also getting this every hour:
Email Subject: lfd on root@example: Excessive resource usage: example123 (6711 (Parent PID:67113))
Time: Sun Jul 9 19:01:06
Account: example123
Resource: Process Time
Exceeded: 178798 > 15600 (seconds)
Executable: /opt/cpanel/ea-php80/root/usr/bin/php
Command Line: /opt/cpanel/ea-php80/root/usr/bin/php -r require '/usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/wpt-wp-cli.php'; -d safe_mode=off -d display_errors=on -d opcache.enable_cli=off -d open_basedir= -d error_reporting=341 -d max_execution_time=60 --no-header -- --no-color --path=/home/example123/public_html instance info --format=json --check-updates=true
PID: 6774 (Parent PID:6767)
Killed: No
Is there any chance it is related to this thread?
I am using CSF and WP Toolkit - recently getting a lot of the following emails for one specific user.
After looking into that user, it appeared they had been hacked. The WordPress site was deleted 100% and then rebuilt from scratch with new WP installation and replaced plugins etc. After various scans and checks, the site is 100% clean now and using Cloudflare with various WAF lockdowns in place.
However, I am still getting the following email notification every hour - can you help me identify what is happening? There are multiple accounts on the server - only getting notifications for this one user.
lfd on root@example: Excessive resource usage: wp-toolkit
Time: Sun Jul 9 19:01:06
Account: wp-toolkit
Resource: Process Time
Exceeded: 178799 > 15600 (seconds)
Executable: /usr/bin/timeout
Command Line: timeout 60 /usr/local/cpanel/3rdparty/wp-toolkit//bin/wpt-panopticon -user example123 -operation run-wp-cli -work-dir /home/example123/public_html -php-max-execution-time 60 -- instance info --format=json --check-updates=true
PID: 6766 (Parent PID:6048)
Killed: No
I am also getting this every hour:
Email Subject: lfd on root@example: Excessive resource usage: example123 (6711 (Parent PID:67113))
Time: Sun Jul 9 19:01:06
Account: example123
Resource: Process Time
Exceeded: 178798 > 15600 (seconds)
Executable: /opt/cpanel/ea-php80/root/usr/bin/php
Command Line: /opt/cpanel/ea-php80/root/usr/bin/php -r require '/usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/wpt-wp-cli.php'; -d safe_mode=off -d display_errors=on -d opcache.enable_cli=off -d open_basedir= -d error_reporting=341 -d max_execution_time=60 --no-header -- --no-color --path=/home/example123/public_html instance info --format=json --check-updates=true
PID: 6774 (Parent PID:6767)
Killed: No
Is there any chance it is related to this thread?
Last edited:
