I have just installed and configured CSF and I am getting 100s of spam emails containing this message.
lfd on localhost: Suspicious process running under user www-data
Time: Wed May 23 01:05:52 2012 +0200
PID: 8503
Account: www-data
Uptime: 118 seconds
Executable:
/usr/lib/apache2/mpm-prefork/apache2
Command Line (often faked in exploits):
/usr/sbin/apache2 -k start
Network connections by the process (if any):
tcp6: 0.0.0.0:80 -> 0.0.0.0:0
Files open by the process (if any):
Does anyone know how to fix?
You can edit the /etc/csf/csf.pignore
Here are instructions from CSF: http://forum.configserver.com/viewtopic.php?f=6&t=2059