I have csf installed on Debian server which uses nginx+php5-fpm and see a lot of these
lfd[23293]: Suspicious Process PID:16998 PPID:16122 User:www-data Uptime:824 secs EXE:/usr/sbin/php5-fpm CMD:php-fpm: pool www
lfd[23293]: Suspicious Process PID:17053 PPID:16122 User:www-data Uptime:822 secs EXE:/usr/sbin/php5-fpm CMD:php-fpm: pool www
lfd[23293]: Suspicious Process PID:17113 PPID:16122 User:www-data Uptime:818 secs EXE:/usr/sbin/php5-fpm CMD:php-fpm: pool www
lfd[23293]: Suspicious Process PID:17114 PPID:16122 User:www-data Uptime:818 secs EXE:/usr/sbin/php5-fpm CMD:php-fpm: pool www
in /var/log/lfd.log While the server load is strangely high (+100) and ldf frequently bounce top on cpu usage list. I am wondering whether this signals some attack vector and if so how to counter it?