Suspicious process running under user nginx

th£ lord

Hi guys,
My server is always on alert. Why could it be? What can I do?

In Mail Queue Administration, there are excessive mail notifications.

--------------------
Server properties:
Linux version 3.2.0-4-amd64 ([email protected]) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.88-1
PHP 5.5.38 (cli) (built: Aug 1 2017 16:48:36)
Apache_nginx proxy
ConfigServer Firewall&Security installed
---------------------

Warning mail content:

PID: 9109 (Parent PID:9102)
Account: nginx
Uptime: 1144 seconds

Executable:

/usr/sbin/nginx

Command Line (often faked in exploits):

nginx: worker process

Network connections by the process (if any):

tcp: 185.xxx.xxx.21:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.156:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.157:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.158:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.161:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.162:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.163:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.155:80 -> 0.0.0.0:0
tcp: 127.0.0.1:80 -> 0.0.0.0:0
tcp: 185.xxx.xxx.21:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.156:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.157:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.158:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.161:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.162:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.163:443 -> 0.0.0.0:0
tcp: 185.xxx.xxx.155:443 -> 0.0.0.0:0
tcp: 127.0.0.1:443 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/var/log/nginx/error_log
/var/log/nginx/access_log_proxy
/var/log/nginx/domains/domains.com.log
/var/log/nginx/domains/domains.com.bytes
/var/log/nginx/domains/domains.com.error.log
/var/log/nginx/domains/otherdomains.com.log
/var/log/nginx/domains/otherdomains.com.bytes
/var/log/nginx/domains/otherdomains.com.error.log

Thank you for your help.
 