i am pretty noob in whm , just to check if this is a serious matter that i need to look into ?
or i should ignore this ? is that means someone trying to access my server? or have succeeded..
or i should ignore this ? is that means someone trying to access my server? or have succeeded..
Infopro
Well-Known Member
This particular process is SpamAssassin and you should probably set csf to ignore this executable.
i have read thru this tutorial .
but i have a question as well , is this very unusual ? will i being hacked easily ?
Infopro
Well-Known Member
Knowing what the processes are and which ones can be safely ignored, is essential. Here's a post from the ConfigServer Firewall authors' forums with a few examples such as AWStats and mailman processes you might get email alerts about, and how to ignore them:
Process Tracking and csf.pignore - ConfigServer Community Forum
Here's a cPanel forums search via google for the exact executable in mentioned in your first post, above, worth reading through:
/usr/local/cpanel/3rdparty/perl/528/bin/perl site:forums.cpanel.net
These sorts of emails from CSF/LFD are not unusual; of course, you must take action too. The links provided here should all be helpful for you to be able to take the required steps needed. When you look into the file (/etc/csf/csf.pignore) via ConfigServer Firewall interface in your WebHost Manager, you will see a list of things already added for you. You get there, from here:
As for being hacked, if you don't recognize a process that's exceeding its resources and you get an email about it, remember, these emails are your eyes on the server for that sort of thing. Investigate the process, google the process, check these forums for existing threads on that process. All the normal processes that have come up with others, like this one you opened this thread about, have remedies to them.
If you can't find any details about one and are concerned about compromise, you might want to contact your Hosting Provider, or you might want to hire a seasoned Server Admin to take a look for you.
Process Tracking and csf.pignore - ConfigServer Community Forum
Here's a cPanel forums search via google for the exact executable in mentioned in your first post, above, worth reading through:
/usr/local/cpanel/3rdparty/perl/528/bin/perl site:forums.cpanel.net
These sorts of emails from CSF/LFD are not unusual; of course, you must take action too. The links provided here should all be helpful for you to be able to take the required steps needed. When you look into the file (/etc/csf/csf.pignore) via ConfigServer Firewall interface in your WebHost Manager, you will see a list of things already added for you. You get there, from here:
As for being hacked, if you don't recognize a process that's exceeding its resources and you get an email about it, remember, these emails are your eyes on the server for that sort of thing. Investigate the process, google the process, check these forums for existing threads on that process. All the normal processes that have come up with others, like this one you opened this thread about, have remedies to them.
If you can't find any details about one and are concerned about compromise, you might want to contact your Hosting Provider, or you might want to hire a seasoned Server Admin to take a look for you.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| S | Getting tons of Excessive resource usage emails | Security | 1 | |
|
Excessive resource usage: rpc | Security | 3 | |
| D | lfd reporting excessive resource usage / suspicious process "spamd child" | Security | 15 | |
| X | lfd excessive resource usage warnings with litespeed | Security | 3 | |
| M | Excessive resource usage: admin | Security | 1 |