Results 1 to 1 of 1

Thread: Increase in lfd alerts

  1. #1
    omarfilip's Avatar
    omarfilip is offline Nearly a Master Glow Jedi
    Join Date
    Jan 2008
    Location
    Dallas, TX
    Posts
    127

    Default Increase in lfd alerts

    I've been getting an increased number of lfd alerts from my dedicated server for the past 10-15 days.

    They are mostly this:
    Code:
    lfd: Excessive resource usage: Account A (4039)
    Time:         Mon Jun  8 08:25:24 2009 -0500
    Account:      Account A
    Resource:     Process Time
    Exceeded:     10821 > 1800 (seconds)
    Executable:   /usr/bin/perl
    Command Line: spamd child
    PID:          16580
    Killed:       Yes
    and this:
    Code:
    lfd: Suspicious process running under user Account A
    PID:     5598
    Account: Account A
    Uptime:  6131 seconds
    
    Executable:
    /usr/bin/perl
    
    Command Line (often faked in exploits):
    spamd child
    
    Network connections by the process (if any):
    tcp: cPanelŽ -> cPanelŽ
    
    tcp: cPanelŽ -> cPanelŽ
    udp: cPanelŽ -> 63.247.77.198:53
    
    Files open by the process (if any):
    /dev/null
    /dev/null
    /dev/null
    /usr/bin/spamd
    /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/VBounce.pm
    but over the past two days a new alert:
    Code:
    lfd: LOCALRELAY alert for account Account B
    Time:  Mon Jun  8 09:28:07 2009 -0500
    Type:  LOCALRELAY, Local Account - Account B
    Count: 103 emails relayed
    Blocked: No
    
    Sample of the first 10 emails:
    2009-06-08 09:28:03 1MDfp.... <snip>
    The emails sampled in the LOCALRELAY alert are legitimate.

    Account A and B above are real accounts, but renamed for posting here.

    Is anyone else getting this increase in alerts or is it just my server and what should I do about it?
    Last edited by omarfilip; 06-08-2009 at 10:02 AM.

Similar Threads

  1. Please increase disk space for Prof hosting ??
    By Unregistered in forum Pre-Sales Questions
    Replies: 1
    Last Post: 09-16-2008, 07:28 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16