The cPanel server has bene installed and NGINX is installed and started. Soon, the suspicious process notifications comes from CSF/LFD.
...Executable:
/usr/sbin/nginx
Command Line (often faked in exploits):
nginx: worker process
...
So, the process needs to be whitelisted. Lets edit the following:
nano /etc/csf/csf.pignore
Add the following:
exe:/usr/sbin/nginx
Restart CDF/LDF
csf -r
We can also add this in cPanel at “Home” > “Plugins” : ConfigServer Security and Firewall
