  1. #1

    LFD Suspicious process running under user tecsysma???

    Hi there,

    I recently installed CSF firewall on my server, but I keep receiving hundreds of messages like the one below. Should I worry about this, and if it is not a security threat, how do I block those fake messages?

    Thank you.

    Time: Sat Nov 14 10:08:09 2009 +0000
    PID: 11722
    Account: tecsysma
    Uptime: 27642 seconds



    Command Line (often faked in exploits):

    spamd child

    Network connections by the process (if any):

    tcp: ->
    tcp: ->

    Files open by the process (if any):


    Memory maps by the process (if any):

    00111000-00132000 r-xp 00000000 08:03 2654214 /lib/tls/
    00132000-00133000 rw-p 00021000 08:03 2654214 /lib/tls/
    00133000-00266000 r-xp 00000000 08:03 2654212 /lib/tls/
    00266000-00269000 rw-p 00132000 08:03 2654212 /lib/tls/
    00269000-0026c000 rw-p 00000000 00:00 0
    0026c000-00270000 r-xp 00000000 08:03 5718108
    00270000-00271000 rw-p 00004000 08:03 5718108
    00271000-0027e000 r-xp 00000000 08:03 2654216 /lib/tls/
    0027e000-0027f000 rw-p 0000c000 08:03 2654216 /lib/tls/
    0027f000-00281000 rw-p 00000000 00:00 0

  2. #2
    Join Date
    Jul 2007
    This is due to the spam checks done on the emails by the spamassassin software. This seems to me a false positive which can be ignored.
    Prashant T.

    Don't run after Success. Run after Excellence and Success will soon follow.

  3. #3
    Thank you, I will add this process to the CSF ignore file.

  4. #4
    Join Date
    Oct 2009
    This message appears when your process binary is updated. Restart the process spamd and exim to fix it.
    Windows/Linux Expert; Plesk/Cpanel/Ensim Guru.
    ..and an expert spam tracker.
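
The reply above attributes the alert to a process that is still running from a binary that has since been replaced on disk. The following is an added example (not from the thread and not part of CSF/LFD) that lists such processes on Linux so you can see which daemons need a restart; the function name `deleted_exe_procs` and the `PROC_ROOT` variable are assumptions of this example.

```shell
#!/bin/sh
# List processes whose on-disk executable has been replaced or removed.
# On Linux, /proc/<pid>/exe is a symlink; once the file has been unlinked
# (typical after a package update) the kernel appends " (deleted)" to the target.
# Output: one line per process, "<pid> <owner> <original executable path>".

deleted_exe_procs() {
    # proc_root is a parameter of this example so it can be pointed at a test tree
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # readlink fails for kernel threads and for processes we may not inspect
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                pid=${dir##*/}
                # owner of the /proc/<pid> directory is the user the process runs as
                owner=$(stat -c %U "$dir" 2>/dev/null || echo "?")
                printf '%s %s %s\n' "$pid" "$owner" "${target%" (deleted)"}"
                ;;
        esac
    done
}

# Run against the live system when executed directly (root sees every process).
deleted_exe_procs "${PROC_ROOT:-/proc}"
```

A process listed here under the account named in the alert, with an executable path that belongs to an installed package, is consistent with the "binary was updated" explanation; restarting the service should clear it from the list.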

  5. #5
    Quote: Originally Posted by anastasia0181
    Thank you, I will add this process to the CSF ignore file.
    These are false alarms which are generated because of the default settings of the firewall. Instead of placing the process in the ignore list, tweak the following options as per your wish to avoid false alarms but still be alerted when a suspicious process really is running.

    The two options are:


    Once you make the changes, save the file and restart the csf firewall.
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at] | Skype : madaboutlinux
