Suspicious Process running under user pat / Excessive resource usage: pat

marypearson

Member
Feb 16, 2014
cPanel Access Level
Website Owner
I have been swamped with many emails, Subject either "Suspicious Process running under user pat" or "Excessive resource usage: pat" as well as others with username mary.

mary is my main account. pat is an account that is no longer being used.

How do I stop people from accessing my server? Are they actually getting in if they are using excessive resources?

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
These alerts are auto-triggered by CSF and do not necessarily mean anything bad, but they should be reviewed.

You need the content of the notice to know if it's really bad or not. A lot of things like excessive resource usage show up as false positives when a PHP process uses a lot of memory (for example, WordPress updates use a lot of RAM for a short period of time, often tripping these alerts).

That said, if the 'pat' account is not used you should terminate it, or at least suspend it via WHM if you want it disabled but still need the data.
 

marypearson

Thank you. I will terminate the pat account but what about the other notices?

I get a lot of "Large Number of Failed Login Attempts" as well. I feel like my server is constantly under attack. I hired a security "expert" a while ago to tighten everything up for me and it was a disaster. It took two weeks to get everything running the way it should, and I know nothing about security.
 

quizknows

Failed login attempts are normal. Pretty much every server on the Internet is constantly under attack, but if you use good passwords it's not of much concern. The average server can see anywhere from tens to thousands of failed login attempts on any given day. Moving SSH to a non-standard port helps a lot with this, but again, with good passwords and the brute force detection that CSF/LFD offers you can pretty well ignore those.

Regarding the other notices for resource usage or suspect processes, I cannot help you with them without the body of the notifications.
 

SS-Maddy

Well-Known Member
Mar 28, 2009
cPanel Access Level
Root Administrator
You should be able to get a clear picture about the resource usage of a user by using the command:

top -u username
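
A non-interactive companion to top -u for reviewing what an account is running, added here as an example and not part of any post in the thread. It separates a short-lived spike (such as a WordPress update) from a process that has been running for hours under an unused account. The function names, the one-hour threshold and the sample lines are assumptions constructed for illustration; the ps column names assume procps-ng.

```bash
#!/usr/bin/env bash
# Added example: summarise one account's processes from ps output.
# Expected input columns (procps-ng):
#   ps -eo user:16,pid,pcpu,rss,etimes,args --no-headers
#   user  pid  %cpu  rss(KiB)  elapsed(seconds)  command line

# Constructed sample lines, not taken from any real server.
SAMPLE_PS='mary 2101 1.5 84212 120 /usr/bin/php /home/mary/public_html/index.php
mary 2188 42.0 412880 35 /usr/bin/php /home/mary/public_html/wp-admin/update-core.php
pat 3310 0.0 1204 86400 /usr/bin/php /home/pat/public_html/cron.php
root 1 0.0 3900 999999 /sbin/init'

# user_usage USER: prints "<process count> <total %CPU> <total RSS in MiB>".
user_usage() {
    awk -v u="$1" '
        $1 == u { n++; cpu += $3; rss += $4 }
        END { printf "%d %.1f %.1f\n", n, cpu, rss / 1024 }'
}

# long_running USER SECONDS: prints "<pid> <elapsed seconds> <command line>"
# for each of USER's processes that has been alive longer than SECONDS.
long_running() {
    awk -v u="$1" -v t="$2" '
        $1 == u && $5 + 0 > t + 0 {
            pid = $2; secs = $5
            # Blank the first five fields so only the command line remains.
            $1 = $2 = $3 = $4 = $5 = ""; sub(/^ +/, "")
            print pid, secs, $0
        }'
}

# Live use: pass the account name as the first argument, e.g. ./procs.sh pat
if [ -n "${1:-}" ]; then
    echo "procs cpu% rss_mib:"
    ps -eo user:16,pid,pcpu,rss,etimes,args --no-headers | user_usage "$1"
    echo "running longer than 1 hour (pid seconds command):"
    ps -eo user:16,pid,pcpu,rss,etimes,args --no-headers | long_running "$1" 3600
fi
```

An account that is supposed to be unused should report zero processes; anything listed by long_running for it is worth checking against the body of the matching CSF/LFD notice.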