Suspicious "spamd child" Process Emails From CSF Firewall Software

If you have a dedicated server or VPS with the Config Server Firewall (CSF) software installed (any dedicated or VPS managed by us has this software installed by default) and are receiving a number of "suspicious process" emails that mention the "spamd child" process, this is the result of a recent update to the CSF software.  The 4.35 version of CSF removed the exclusion it had for the "spamd child" process (this is the spam filter process), so whenever the spamd process is doing a lot of work CSF will identify it as a "suspicious process".  This can be avoided by adding the exclusion back into CSF.  Here's how:

  1. Log into Web Host manager (WHM)
  2. Click on "ConfigServer Security & Firewall" on the left side of the page at the bottom
  3. Click on "lfd Process Ignore" in the "lfd - Login Failure Daemon" section
  4. Add the following line to the list and click "Change":
  5. cmd:spamd child

  6. Click the "Restart lfd" button

You're done!  You should no longer receive emails regarding the "spamd child" process.

Was this answer helpful?

 Print this Article

Also Read

Mod_Rewrite Examples

Here are examples of rules that allow you to do various manipulations using the htaccess file.:...

What is Mod_Rewrite?

Exelwebs uses Apache, the open source HTTP server software, to host your website. Apache can be...

Powered by WHMCompleteSolution