I have WHM / Cpanel installed on a CentOS droplet, I have also configured CSF firewall. I’m getting logs saying that there are suspicious processes running under user “Nobody” which seem to be Digital Ocean-related. Is there anything I should do or should I just ignore it? Example logs:
Time: Thu Aug 10 16:24:42 2017 -0700 PID: 953 (Parent PID:953) Account: nobody Uptime: 61533 seconds
Command Line (often faked in exploits):
Network connections by the process (if any):
tcp: MY SERVER IP -> 184.108.40.206:443
Files open by the process (if any):
/dev/null anon_inode:[eventpoll] /run/digitalocean-agent/tufLocalStore /dev/urandom
Memory maps by the process (if any):
00400000-006b1000 r-xp 00000000 fd:01 529648 /opt/digitalocean/bin/do-agent 006b1000-008b4000 r–p 002b1000 fd:01 529648 /opt/digitalocean/bin/do-agent 008b4000-008e5000 rw-p 004b4000 fd:01 529648 /opt/digitalocean/bin/do-agent 008e5000-00908000 rw-p 00000000 00:00 0 00b3b000-00b5c000 rw-p 00000000 00:00 0 [heap] c000000000-c000002000 rw-p 00000000 00:00 0 c41ffd0000-c420200000 rw-p 00000000 00:00 0 [stack:28837] c420200000-c420600000 rw-p 00000000 00:00 0 7f20d8000000-7f20d8021000 rw-p 00000000 00:00 0 7f20d8021000-7f20dc000000 —p 00000000 00:00 0 7f20e0000000-7f20e0021000 rw-p 00000000 00:00 0 7f20e0021000-7f20e4000000 —p 00000000 00:00 0 7f20e6028000-7f20e6029000 —p 00000000 00:00 0 7f20e6029000-7f20e6989000 rw-p 00000000 00:00 0 7f20e6989000-7f20e698a000 —p 00000000 00:00 0 7f20e698a000-7f20e718a000 rw-p 00000000 00:00 0 [stack:994]
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Click below to sign up and get $100 of credit to try our products over 60 days!