Suspicious process running under user nobody - Executable: /usr/local/lsws/bin/lshttpd.5.3.3

#1
Hello Everyone,

we got this alert, since we are beginners we are not able to understand whether it's a possible exploit or just a false alarm, we worry about ports,, thanks in advance

Complete alert is attached
Code:
Time:    Sat Nov 10 09:18:33 2018 +0000
PID:     2377 (Parent PID:2374)
Account: nobody
Uptime:  174483 seconds


Executable:

/usr/local/lsws/bin/lshttpd.5.3.3


Command Line (often faked in exploits):

litespeed (lshttpd - #01)


Network connections by the process (if any):

tcp: 127.0.0.1:52412 -> 127.0.0.1:2082
 

Attachments

Last edited by a moderator:
Top