Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to stop High CPU Usage

Discussion in 'General Discussion' started by Tibbers, Jun 7, 2017.

  1. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello,
    My Daily process log

    i.gyazo.com/65fbc4788201ece56f0e0395ee7b245a.png

    That spam uses all of the CPU and forces me to reboot the cPanel VPS to get it working again

    The server is pining well during the attack.
     
    #1 Tibbers, Jun 7, 2017
    Last edited by a moderator: Jun 7, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please attach images to your posts.

    What spam? You've got several accounts overloading the server, you should take a closer look at them and take action.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Jun 7, 2017
  3. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    First thanks for your reply , The attacker is using a script i think spamming php functions around the websites, same files with same websites are running at the same server(Less specs) for a month now but this is an attack/spam/flood

    There is no plugins to limit the usage per user? or to stop those attacks by setting timeout time or banning the spammers ip?

    [​IMG]
     
    #3 Tibbers, Jun 7, 2017
    Last edited by a moderator: Jun 7, 2017
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Going by your posted image above, it looks like a wordpress site login is being pounded (marceloe) and user rocket has a cron overloading the server.

    Installing Modsecurity and ConfigServer firewall should be of some use. Making sure those accounts are up to date and secure should also help.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Jun 7, 2017
  5. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    ModSecurity is already installed can you link me to ConfigServer firewall installtiong guide ? and is it free?

    And no other plugins to limit the spam or the flood?
     
    #5 Tibbers, Jun 7, 2017
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should be able to google that name and find it in less time than it took to ask for a link. :)

    Installing it is straight forward, you'll find install instructions on the listing for it at configserver.com

    Yes, it's free.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Jun 7, 2017
  7. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I found it thanks :) and installed it too, No other suggested plugins?
     
    #7 Tibbers, Jun 7, 2017
  8. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    To do what? You should check those accounts for out of date plugins and make sure the wordpress installs are up to date for starters.

    Configuring CSF takes some time to properly setup. Simply installing it is helpful, but not enough.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 Infopro, Jun 7, 2017
  9. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    But i've tried to suspend those account another accounts started the spam instead can't i limit the resources per user?
     
    #9 Tibbers, Jun 7, 2017
  10. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sounds to me like you've got a couple of rogue user accounts that should be terminated, or worse, compromised accounts that need to be looked at a bit closer. Limiting resources would only slow them down, not end the problems you're faced with.

    You might want to look into hiring someone to assist you with this if you're unsure on what to do next:
    System Administration Services | cPanel Forums
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 Infopro, Jun 7, 2017
  11. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I am sure its not a user spam that rocketfs2 is my own website and its getting attacked too.
     
    #11 Tibbers, Jun 7, 2017
  12. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    There's no such functionality in cPanel & WHM, but you may find CloudLinux helpful if you want this functionality:

    CloudLinux - Main | New template

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 cPanelMichael, Jun 13, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - stop High Usage
  1. shahzaibmushtaq

    New Thread Unable to stop cron mails

    shahzaibmushtaq, May 27, 2019 at 7:58 AM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    0
    shahzaibmushtaq
    May 27, 2019 at 7:58 AM
  2. chengkinhung

    IMAP/POP3 stop when cPanel license expired

    chengkinhung, May 14, 2019, in forum: E-mail Discussion
    Replies:
    5
    Views:
    296
    albatroz
    May 16, 2019
  3. easyprosys

    cpHULKD keep stopping and restarting

    easyprosys, May 12, 2019, in forum: Security
    Replies:
    1
    Views:
    144
    cPanelLauren
    May 14, 2019
  4. Trane Francks

    Definitive way to stop misdirected bounces/backscatter

    Trane Francks, May 2, 2019, in forum: E-mail Discussion
    Replies:
    15
    Views:
    491
    Trane Francks
    May 8, 2019
  5. aeroweb

    Stop brute force email logins?

    aeroweb, Apr 20, 2019, in forum: E-mail Discussion
    Replies:
    6
    Views:
    449
    cPanelLauren
    Apr 24, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice