The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

stop command

Discussion in 'Security' started by azednet, Feb 5, 2013.

  1. azednet

    azednet Registered

    Joined:
    Feb 5, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    hello,

    in process manager i found this command:

    /bin/ps -ewwo pid,uid,user,nice,pmem,pcpu,command

    with cpu more than 46.0%

    how can i stop this command?

    thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might want to hire a security expert to take a closer look at your system.
    Sys Admin Services | cPanel App Catalog


    There are links beside each item in Process Manager titled (Kill) that would kill this I think. But my guess is, not for long. If there's a owner name listed there with a valid account on your server, I think I would suspend it.
     
  3. azednet

    azednet Registered

    Joined:
    Feb 5, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    thank you, how can i find the account which run this command please?
     
  4. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The user running the command is going to be in the process list, which you can view using either top or ps.
     
  5. azednet

    azednet Registered

    Joined:
    Feb 5, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    hello, i cant find the user in top; any idea please
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What does it say on the Process Manager page?
     
  7. azednet

    azednet Registered

    Joined:
    Feb 5, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Pid Owner Priority CPU % Memory % Command
    30134 (Trace) (Kill) root 0 48.0 0.0 /bin/ps -ewwo pid,uid,user,nice,pmem,pcpu,command
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Click kill there and go find an expert at the link I posted above.

    cPanel is not able to assist with compromised servers, AFAIK, if that's what this is. You could put in a ticket to ask, but I believe this to be true.
     
  9. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Server security is ultimately the responsibility of the server admin. The only security support we provide is to determine if a cPanel component allowed a security problem to happen.

    If you suspect a security problem on your server, you really need to hire a security admin as soon as possible to determine the extent of the problem and advise you on the best way to mitigate it. We have a list of companies that offer security admin services in our application catalog here:

    cPanel App Catalog

    If your server is root compromised, the only way to be sure to get rid of the compromise is to format the hard drive, reinstall the operating system and cPanel, and restore your accounts from backups that were made before the compromise happened.
     
Loading...

Share This Page