Odd thing is happening right now on 1 of our servers. Customer web-site was hacked. I disabled the web-site in ISPC but still the ps -panut shows this... Even after I restarted Apache (notice that there is no nginx installed on this server.) Edit: Reboot of the server closed the site.