Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Excessive resource usage email

Discussion in 'Security' started by kitkit85, May 15, 2019.

  1. kitkit85

    kitkit85 Member

    Joined:
    Jan 19, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Malaysia
    cPanel Access Level:
    Root Administrator
    i am pretty noob in whm , just to check if this is a serious matter that i need to look into ?
    or i should ignore this ? is that means someone trying to access my server? or have succeeded..
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,880
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,463
    Likes Received:
    179
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    This particular process is SpamAssassin and you should probably set csf to ignore this executable.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. kitkit85

    kitkit85 Member

    Joined:
    Jan 19, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Malaysia
    cPanel Access Level:
    Root Administrator
  5. kitkit85

    kitkit85 Member

    Joined:
    Jan 19, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Malaysia
    cPanel Access Level:
    Root Administrator
    means its not important at all is it ?
    its can be either ignored or set CSF to ignore it ?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,880
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Knowing what the processes are and which ones can be safely ignored, is essential. Here's a post from the ConfigServer Firewall authors' forums with a few examples such as AWStats and mailman processes you might get email alerts about, and how to ignore them:
    Process Tracking and csf.pignore - ConfigServer Community Forum

    Here's a cPanel forums search via google for the exact executable in mentioned in your first post, above, worth reading through:
    /usr/local/cpanel/3rdparty/perl/528/bin/perl site:forums.cpanel.net

    These sorts of emails from CSF/LFD are not unusual; of course, you must take action too. The links provided here should all be helpful for you to be able to take the required steps needed. When you look into the file (/etc/csf/csf.pignore) via ConfigServer Firewall interface in your WebHost Manager, you will see a list of things already added for you. You get there, from here:

    pignorefileLFD.png


    As for being hacked, if you don't recognize a process that's exceeding its resources and you get an email about it, remember, these emails are your eyes on the server for that sort of thing. Investigate the process, google the process, check these forums for existing threads on that process. All the normal processes that have come up with others, like this one you opened this thread about, have remedies to them.

    If you can't find any details about one and are concerned about compromise, you might want to contact your Hosting Provider, or you might want to hire a seasoned Server Admin to take a look for you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice