Bu HATAlar nedir?:
lfd on server.XXXXXX.com: Suspicious process running under user dovecot
lfd on server.XXXXXX.com: Suspicious process running under user nobody
lfd on server.XXXXXX.com: Suspicious process running under user haldaemon

Sunucudan sürekli bu tarz hata mailleri alıyorum sebebini veya çözümünü bilen arkadaşlar varsa yardımcı olabilirmi bi kaç kaynak buldum ama yabancı sitelerde pek birşey anlamadım. Ayrıntılar aşağıdadır.

İlginize şimdiden teşekkür ederim..

lfd on server.XXXXXX.com: Suspicious process running under user dovecot


Time:    Tue Sep  7 16:01:28 2010 +0300

PID:     15177
Account: dovecot
Uptime:  1851804 seconds


Executable:

/usr/libexec/dovecot/pop3-login\00\00\00\00\00\00'\00\00\00\90\c9\11 \00\00\00 (deleted)

The file system shows this process is running an executable file that   has been deleted. This typically happens when the original file has  been  replaced by a new file when the application is updated. To prevent  this  being reported again, restart the process that runs this  excecutable  file. See csf.conf and the PT_DELETED text for more  information about  the security implications of processes running  deleted executable files.


Command Line (often faked in exploits):

pop3-login


Network connections by the process (if any):

tcp: 0.0.0.0:110 -> 0.0.0.0:0
tcp: 0.0.0.0:995 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/urandom

eventpoll:[88943]
.....

lfd on server.XXXXXX.com: Suspicious process running under user nobody

Time:    Tue Sep  7 16:01:28 2010 +0300
PID:     23649
Account: nobody
Uptime:  1642831 seconds


Executable:

/opt/adobe/fms/fmscore


Command Line (often faked in exploits):

/opt/adobe/fms/fmscore -adaptor _defaultRoot_ -vhost _defaultVHost_ -app  registry -inst registry -tag -conf /opt/adobe/fms/conf/Server.xml -name  _defaultRoot_:_defaultVHost_:registry:registry:


Network connections by the process (if any):

tcp: 127.0.0.1:49577 -> 127.0.0.1:19350
....
lfd on server.XXXXXX.com: Suspicious process running under user haldaemon

Time:    Tue Sep  7 16:01:28 2010 +0300

PID:     2639
Account: haldaemon
Uptime:  1864298 seconds


Executable:

/usr/sbin/hald\00\00\00\00\00\00\00\00 \00\02tty11\00 (deleted)

The file system shows this process is running an executable file that  has been deleted. This typically happens when the original file has been  replaced by a new file when the application is updated. To prevent this  being reported again, restart the process that runs this excecutable  file. See csf.conf and the PT_DELETED text for more information about  the security implications of processes running deleted executable files.


Command Line (often faked in exploits):


hald


Network connections by the process (if any):