lots of exim procs

[markjohnson]

The load avg is rocketing sky high and there are lots of exim (and perl) processes, run by root and mailnull.

lsof shows most of the connections are being made from 41.219.211.163.

I go to whm >> security centre >> Host access control and add the following to the table:

Daemon: All
Access List: 41.219.0.0
Action: deny


But doing lsof still shows the same IP address running exim and lots of perl processes.

I also tried /sbin/iptables -A INPUT -s 41.219.211.163 -j DROP

But /sbin/iptables --list does not list the blocked IP address.

How can I totally block the culprit IP addresses from all services?

[JawadArshad]

The load avg is rocketing sky high and there are lots of exim (and perl) processes, run by root and mailnull.

lsof shows most of the connections are being made from 41.219.211.163.

I go to whm >> security centre >> Host access control and add the following to the table:

Daemon: All
Access List: 41.219.0.0
Action: deny


But doing lsof still shows the same IP address running exim and lots of perl processes.

I also tried /sbin/iptables -A INPUT -s 41.219.211.163 -j DROP

But /sbin/iptables --list does not list the blocked IP address.

How can I totally block the culprit IP addresses from all services?

If you are on a VPS, ask your host to see if all iptables modules are installed correctly. You may also try installing CSF which is among the most recommended firewalls on cPanel environment.

http://www.configserver.com/free/csf

Once CSF is setup, you can simply run

csf -d 41.219.211.163

[thewebhosting]

We are using CSF firewall and it is a best firewall to block IP addresses doing harmful activity to your server.