Suspicious process running under user nobody - Executable: /usr/local/lsws/bin/lshttpd.5.3.3

Hello Everyone,

we got this alert, since we are beginners we are not able to understand whether it's a possible exploit or just a false alarm, we worry about ports,, thanks in advance

Complete alert is attached
Time:    Sat Nov 10 09:18:33 2018 +0000
PID:     2377 (Parent PID:2374)
Account: nobody
Uptime:  174483 seconds



Command Line (often faked in exploits):

litespeed (lshttpd - #01)

Network connections by the process (if any):

tcp: ->


Last edited by a moderator: