I could also ask this on the csf/lfd forum but I can only assume that a lot of you guys also run csf/lfd.
I am getting a lof of emails stating "lfd on vps.xx-xx.nl: Suspicious process running under user admin" and then:
And yeah I don't really want these emails so I have added the following to `/etc/csf/csf.pignore` but I still keep getting emails.
I don't really want to exclude `perl` I just want to exclude the spamd.
Does anybody know the exact command I can use to exclude it?
Thanks!
I am getting a lof of emails stating "lfd on vps.xx-xx.nl: Suspicious process running under user admin" and then:
Time: Mon Apr 26 18:51:26 2021 +0200
PID: 4081 (Parent PID:4079)
Account: admin
Uptime: 44775 seconds
Executable:
/usr/bin/perl
Command Line (often faked in exploits):
spamd child
And yeah I don't really want these emails so I have added the following to `/etc/csf/csf.pignore` but I still keep getting emails.
exe:/usr/bin/spamd
cmd:spamd child
pcmd:spamd child
cmd:spamd
pdms:spamd
pcmd:/usr/bin/perl.spamd.child
exe:/usr/bin/perl spamd child
I don't really want to exclude `perl` I just want to exclude the spamd.
Does anybody know the exact command I can use to exclude it?
Thanks!