via forums.cpanel.net => original post link
Recently I disabled WP-CRON for wordpress and started using CPANEL with WGET to replace it. I’ve started getting emails “lfd on XXXXX: Suspicious process running under user”. I found some instructions on where to go to tell CSF to ignore these in the /etc/csf/csf.pignore edit, but I’m unclear exactly how to do this. Here is what the LFD emails are showing:
Executable:
/home/virtfs/SOMEUSER/usr/bin/wget