Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to stop High CPU Usage

Discussion in 'General Discussion' started by Tibbers, Jun 7, 2017.

  1. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello,
    My Daily process log

    i.gyazo.com/65fbc4788201ece56f0e0395ee7b245a.png

    That spam uses all of the CPU and forces me to reboot the cPanel VPS to get it working again

    The server is pining well during the attack.
     
    #1 Tibbers, Jun 7, 2017
    Last edited by a moderator: Jun 7, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please attach images to your posts.

    What spam? You've got several accounts overloading the server, you should take a closer look at them and take action.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Jun 7, 2017
  3. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    First thanks for your reply , The attacker is using a script i think spamming php functions around the websites, same files with same websites are running at the same server(Less specs) for a month now but this is an attack/spam/flood

    There is no plugins to limit the usage per user? or to stop those attacks by setting timeout time or banning the spammers ip?

    [​IMG]
     
    #3 Tibbers, Jun 7, 2017
    Last edited by a moderator: Jun 7, 2017
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Going by your posted image above, it looks like a wordpress site login is being pounded (marceloe) and user rocket has a cron overloading the server.

    Installing Modsecurity and ConfigServer firewall should be of some use. Making sure those accounts are up to date and secure should also help.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Jun 7, 2017
  5. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    ModSecurity is already installed can you link me to ConfigServer firewall installtiong guide ? and is it free?

    And no other plugins to limit the spam or the flood?
     
    #5 Tibbers, Jun 7, 2017
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should be able to google that name and find it in less time than it took to ask for a link. :)

    Installing it is straight forward, you'll find install instructions on the listing for it at configserver.com

    Yes, it's free.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Jun 7, 2017
  7. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I found it thanks :) and installed it too, No other suggested plugins?
     
    #7 Tibbers, Jun 7, 2017
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    To do what? You should check those accounts for out of date plugins and make sure the wordpress installs are up to date for starters.

    Configuring CSF takes some time to properly setup. Simply installing it is helpful, but not enough.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 Infopro, Jun 7, 2017
  9. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    But i've tried to suspend those account another accounts started the spam instead can't i limit the resources per user?
     
    #9 Tibbers, Jun 7, 2017
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sounds to me like you've got a couple of rogue user accounts that should be terminated, or worse, compromised accounts that need to be looked at a bit closer. Limiting resources would only slow them down, not end the problems you're faced with.

    You might want to look into hiring someone to assist you with this if you're unsure on what to do next:
    System Administration Services | cPanel Forums
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 Infopro, Jun 7, 2017
  11. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I am sure its not a user spam that rocketfs2 is my own website and its getting attacked too.
     
    #11 Tibbers, Jun 7, 2017
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,700
    Likes Received:
    1,791
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There's no such functionality in cPanel & WHM, but you may find CloudLinux helpful if you want this functionality:

    CloudLinux - Main | New template

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 cPanelMichael, Jun 13, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - stop High Usage
  1. hammerthrow

    Webalizer and AWstats Stopped Functioning

    hammerthrow, Jun 18, 2018 at 11:40 PM, in forum: General Discussion
    Replies:
    4
    Views:
    84
    cPanelLauren
    Jun 21, 2018 at 7:31 AM
  2. Arkaic

    Stop remote destination from being disabled?

    Arkaic, Jun 18, 2018 at 8:17 AM, in forum: Data Protection
    Replies:
    1
    Views:
    46
    cPanelLauren
    Jun 19, 2018 at 9:23 AM
  3. WebHostPro

    SOLVED How do you stop named from creating named.run files?

    WebHostPro, May 22, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    5
    Views:
    96
    cPanelMichael
    May 29, 2018
  4. toyama

    cPanel & WHM change log feed update is stopped.

    toyama, May 6, 2018, in forum: Security
    Replies:
    2
    Views:
    114
    rpvw
    May 19, 2018
  5. rhm.geerts

    Stop old cPanel services?

    rhm.geerts, Apr 23, 2018, in forum: General Discussion
    Replies:
    9
    Views:
    104
    cPanelLauren
    Apr 24, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice