The Community Forums

Interact with an entire community of cPanel & WHM users!
Suspicious Process running under user pat / Excessive resource usage: pat

Discussion in 'Security' started by marypearson, Jul 7, 2014.

  1. marypearson

    I have been swamped with many emails, Subject either "Suspicious Process running under user pat" or "Excessive resource usage: pat" as well as others with username mary.

    mary is my main account. pat is an account that is no longer being used.

    How do I stop people from accessing my server? Are they actually getting in if they are using excessive resources?

    Thank you.
     
  2. quizknows

    These alerts are auto-triggered by CSF and do not necessarily mean anything bad, but they should be reviewed.

    You need the content of the notice to know if it's really bad or not. A lot of things like excessive resource usage show up as false positives when a PHP process uses a lot of memory (for example, WordPress updates use a lot of RAM for a short period of time, often tripping these alerts).

    That said, if the 'pat' account is not used you should terminate it, or at least suspend it via WHM if you want it disabled but still need the data.
     
  3. marypearson

    Thank you. I will terminate the pat account but what about the other notices?

    I get a lot of "Large Number of Failed Login Attempts" as well. I feel like my server is constantly under attack. I hired a security "expert" a while ago to tighten everything up for me and it was a disaster. It took two weeks to get everything running the way it should, and I know nothing about security.
     
  4. quizknows

    Failed login attempts are normal. Pretty much every server on the Internet is constantly under attack, but if you use good passwords it's not of much concern. The average server can see anywhere from tens to thousands of failed login attempts on any given day. Moving SSH to a non-standard port helps a lot with this, but again, with good passwords and the brute force detection that CSF/LFD offers you can pretty well ignore those.

    Regarding the other notices for resource usage or suspect processes, I cannot help you with them without the body of the notifications.
     
  5. SS-Maddy

    You should be able to get a clear picture about the resource usage of a user by using the command

    top -u username
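
As a non-interactive companion to `top -u`, the following added example (not part of the original post, and not CSF/LFD code) flags a user's processes that exceed a memory or runtime limit, so an alert can be checked against what is actually running. The function names, thresholds and sample process list are assumptions constructed for illustration; the live command in the comment assumes a `ps` that supports the `etimes` column.

```shell
#!/bin/sh
# Flag processes over a memory or elapsed-time limit.
# Input on stdin: "PID RSS_KB ELAPSED_SEC COMMAND..." per line, as produced by
#   ps -u pat -o pid=,rss=,etimes=,args=
# Thresholds are illustrative assumptions, not values read from CSF/LFD.
flag_procs() {
    max_rss_kb=${1:-262144}   # 256 MB resident memory
    max_secs=${2:-1800}       # 30 minutes of elapsed time
    awk -v m="$max_rss_kb" -v t="$max_secs" '
        NF >= 4 {
            reason = ""
            if ($2 > m) reason = "MEM"
            if ($3 > t) reason = (reason ? reason "+" : "") "TIME"
            if (reason) {
                # Rebuild the full command line from field 4 onward.
                cmd = $4
                for (i = 5; i <= NF; i++) cmd = cmd " " $i
                printf "%s pid=%s rss_kb=%s secs=%s cmd=%s\n", reason, $1, $2, $3, cmd
            }
        }'
}

# Constructed sample input (not real server output).
sample_ps() {
    cat <<'EOF'
 4121  48212    12 /usr/bin/php /home/pat/public_html/index.php
 4377 301456    95 /usr/bin/php /home/pat/public_html/wp-admin/update.php
 5012   2104 86400 perl /home/pat/tmp/worker.pl
EOF
}

# Run against the sample; on a live server pipe the ps command above instead.
sample_ps | flag_procs
```

A short-lived, memory-heavy PHP update matches the false-positive pattern described earlier in the thread, while a long-running script under an account nobody uses is the kind of entry worth reviewing.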
     
  6. marypearson

    Many thanks for all your help!
     