Excessive resource usage email

kitkit85

Member
Jan 19, 2019
5
0
1
Malaysia
cPanel Access Level
Root Administrator
Time: Thu May 16 02:30:10 2019 +0000
Account: myweb
Resource: Process Time
Exceeded: 3569 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/perl/528/bin/perl
Command Line: spamd child
PID: 4697 (Parent PID:20217)
Killed: No
i am pretty noob in whm , just to check if this is a serious matter that i need to look into ?
or i should ignore this ? is that means someone trying to access my server? or have succeeded..
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Knowing what the processes are and which ones can be safely ignored, is essential. Here's a post from the ConfigServer Firewall authors' forums with a few examples such as AWStats and mailman processes you might get email alerts about, and how to ignore them:
Process Tracking and csf.pignore - ConfigServer Community Forum

Here's a cPanel forums search via google for the exact executable in mentioned in your first post, above, worth reading through:
/usr/local/cpanel/3rdparty/perl/528/bin/perl site:forums.cpanel.net

These sorts of emails from CSF/LFD are not unusual; of course, you must take action too. The links provided here should all be helpful for you to be able to take the required steps needed. When you look into the file (/etc/csf/csf.pignore) via ConfigServer Firewall interface in your WebHost Manager, you will see a list of things already added for you. You get there, from here:

pignorefileLFD.png


As for being hacked, if you don't recognize a process that's exceeding its resources and you get an email about it, remember, these emails are your eyes on the server for that sort of thing. Investigate the process, google the process, check these forums for existing threads on that process. All the normal processes that have come up with others, like this one you opened this thread about, have remedies to them.

If you can't find any details about one and are concerned about compromise, you might want to contact your Hosting Provider, or you might want to hire a seasoned Server Admin to take a look for you.