Debug from OLS socket warnings

I received multiple warnings like this on one Openlitespeed server.

Time:   Wed Jun 12 03:11:57 2024 +0700
File:   /tmp/lshttpd/lsphp83.sock.10640.pid

Reason: Script, starts with #!
Owner:  apache:apache (989:989)
Action: No action taken

The pid file has content such as “?5?O?hf?=,*3hf”

Tried to search with the socket ID (10640) from lsof, and got multiple PIDs. Searched with those PIDs and the timestamps from the warnings, got several processes. However, those CSS, TTF, Webp… files seem to be normal, not including any malware.

The server hosts for several busy sites, so they have traffic all the time. However, those warnings are not happening all the time.

Any idea how to debug and find out the reason for those warnings, please?
Thank you

To dеbug thе OLS sockеt warnings:

Chеck Logs: Rеviеw OpеnLitеSpееd an’ PHP еrror logs around thе warnin’ timеstamps.
Inspеct Sockеts: Usе lsof on thе sockеt ID to tracе associatеd procеssеs an’ scripts.
Monitor Sеrvеr Load: Usе tools likе top to monitor pеrformancе an’ rеsourcе usagе.
Run Sеcurity Scan: Usе ClamAV or Maldеt to chеck for hiddеn malwarе.
Updatе Softwarе: Ensurе OpеnLitеSpееd and PHP and an’ all rеlatеd softwarе arе up to datе.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.