Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to stop High CPU Usage

Discussion in 'General Discussion' started by Tibbers, Jun 7, 2017.

  1. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello,
    My Daily process log

    i.gyazo.com/65fbc4788201ece56f0e0395ee7b245a.png

    That spam uses all of the CPU and forces me to reboot the cPanel VPS to get it working again

    The server is pining well during the attack.
     
    #1 Tibbers, Jun 7, 2017
    Last edited by a moderator: Jun 7, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,651
    Likes Received:
    450
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please attach images to your posts.

    What spam? You've got several accounts overloading the server, you should take a closer look at them and take action.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Jun 7, 2017
  3. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    First thanks for your reply , The attacker is using a script i think spamming php functions around the websites, same files with same websites are running at the same server(Less specs) for a month now but this is an attack/spam/flood

    There is no plugins to limit the usage per user? or to stop those attacks by setting timeout time or banning the spammers ip?

    [​IMG]
     
    #3 Tibbers, Jun 7, 2017
    Last edited by a moderator: Jun 7, 2017
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,651
    Likes Received:
    450
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Going by your posted image above, it looks like a wordpress site login is being pounded (marceloe) and user rocket has a cron overloading the server.

    Installing Modsecurity and ConfigServer firewall should be of some use. Making sure those accounts are up to date and secure should also help.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Jun 7, 2017
  5. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    ModSecurity is already installed can you link me to ConfigServer firewall installtiong guide ? and is it free?

    And no other plugins to limit the spam or the flood?
     
    #5 Tibbers, Jun 7, 2017
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,651
    Likes Received:
    450
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should be able to google that name and find it in less time than it took to ask for a link. :)

    Installing it is straight forward, you'll find install instructions on the listing for it at configserver.com

    Yes, it's free.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Jun 7, 2017
  7. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I found it thanks :) and installed it too, No other suggested plugins?
     
    #7 Tibbers, Jun 7, 2017
  8. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,651
    Likes Received:
    450
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    To do what? You should check those accounts for out of date plugins and make sure the wordpress installs are up to date for starters.

    Configuring CSF takes some time to properly setup. Simply installing it is helpful, but not enough.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 Infopro, Jun 7, 2017
  9. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    But i've tried to suspend those account another accounts started the spam instead can't i limit the resources per user?
     
    #9 Tibbers, Jun 7, 2017
  10. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,651
    Likes Received:
    450
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sounds to me like you've got a couple of rogue user accounts that should be terminated, or worse, compromised accounts that need to be looked at a bit closer. Limiting resources would only slow them down, not end the problems you're faced with.

    You might want to look into hiring someone to assist you with this if you're unsure on what to do next:
    System Administration Services | cPanel Forums
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 Infopro, Jun 7, 2017
  11. Tibbers

    Tibbers Member

    Joined:
    Jun 6, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I am sure its not a user spam that rocketfs2 is my own website and its getting attacked too.
     
    #11 Tibbers, Jun 7, 2017
  12. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,774
    Likes Received:
    1,995
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    There's no such functionality in cPanel & WHM, but you may find CloudLinux helpful if you want this functionality:

    CloudLinux - Main | New template

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 cPanelMichael, Jun 13, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - stop High Usage
  1. Hosam Zewain

    Website stops working after changing account IP

    Hosam Zewain, Dec 16, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    2
    Views:
    168
    cPanelLauren
    Dec 18, 2018
  2. JohnnyVPS

    Stop automatically filling out wordpress in subdirectory

    JohnnyVPS, Dec 13, 2018, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    227
    cPanelMichael
    Dec 17, 2018
  3. Scott Galambos

    Stop auto-builds?

    Scott Galambos, Dec 12, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    264
    cPanelLauren
    Dec 17, 2018
  4. iwantlogs

    Logging spontaneously stopped

    iwantlogs, Dec 9, 2018, in forum: General Discussion
    Replies:
    7
    Views:
    301
    cPanelMichael
    Dec 12, 2018
  5. pigbrain

    SOLVED How do I stop cpsrvd from listening on port 80?

    pigbrain, Nov 8, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    226
    pigbrain
    Nov 9, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice