What does it mean "Suspicious process running under user mailnull"
Posted on 2015-02-24
I receive this alert from my WHM panel.
What does it mean? Do I have to do anything?
lfd on fff: Suspicious process running under user mailnull
Time: Tue Feb 24 10:51:17 2015 +0200
PID: 29327 (Parent PID:29324)
Uptime: 74 seconds
Command Line (often faked in exploits):
/usr/sbin/exim -Mc 1YQBBq-000004-Pv
Network connections by the process (if any):
tcp: 126.96.36.199:53717 -> 188.8.131.52:110
tcp: 184.108.40.206:55920 -> 220.127.116.11:25
Files open by the process (if any):