SOLVED Suspicious processes and Excessive Resources

Hugo Aguiar

Member
Apr 5, 2018
14
1
3
brasil
cPanel Access Level
Root Administrator
Hi folks,
I recently had my data center update WHM/Cpanel to 68.0X and I've been getting flooded with hundreds of CSF emails a day now indicating Suspicious processes and Excessive Resources all related to webalizer for every account on my box, that I never got before.

My data center is suggesting trying increasing some of the process tracking directives for CSF.
I'm not understanding how updating Cpanel should require me to tame CSF so it's not triggered as easily. I like the warnings, I'm very paranoid, but I cant help but to think something is wrong since now that Cpanel has been upgraded I'm getting warnings off every site.

Wondering if someone could shed some light on this for me? I tried posting the same question on the CSF forums and not a sole will respond.

An example of the daily warnings that I get for each account on the server;
Excessive processes
Code:
User:hdelitem PID:1363165 PPID:1341933 Run Time:23(secs) Memory:79648(kb) RSS:26472(kb) exe:/usr/local/cpanel/3rdparty/perl/524/bin/perl cmd:cpanellogd - http logs for hdelitem
User:hdelitem PID:1363256 PPID:1363255 Run Time:10(secs) Memory:44512(kb) RSS:3056(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil -N 10 -D /home/hdelitem/tmp/webalizer/dns_cache.db -R 250 -p -n user -o /home/hdelitem/tmp/webalizer /etc/apache2/logs/domlogs/user.bkup
User:hdelitem PID:1363262 PPID:1363256 Run Time:9(secs) Memory:51344(kb) RSS:1988(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil -N 10 -D /home/hdelitem/tmp/webalizer/dns_cache.db -R 250 -p -n user -o /home/hdelitem/tmp/webalizer /etc/apache2/logs/domlogs/user.bkup
I would like to kindly help me solve this problem because I am a beginner with cpanel and I do not understand almost anything, thanks!
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @Hugo Aguiar

Looking at the output the issue doesn't appear to be specific to something that cPanel is doing but rather that CSF is warning that cpanellogd/webalizer running under the cPanel user has excessive processes when statistics are being run. Prior to updating did you have statistics being processed? The nature of these processes isn't something that would have changed when updating. Can you show us the output of the following:

Code:
grep PT_USERPROC /etc/csf/csf.conf
You can also grab the value of PT_USERPROC from WHM>>Plugins>>ConfigServer Security & Firewall -> Configure firewall

Essentially it's just saying that your user is running a larger than normal amount of processes, are they all cpanellogd/webalizer/statistics related or are there others?

Thanks!
 

Hugo Aguiar

Member
Apr 5, 2018
14
1
3
brasil
cPanel Access Level
Root Administrator
Hi @Hugo Aguiar

Looking at the output the issue doesn't appear to be specific to something that cPanel is doing but rather that CSF is warning that cpanellogd/webalizer running under the cPanel user has excessive processes when statistics are being run. Prior to updating did you have statistics being processed? The nature of these processes isn't something that would have changed when updating. Can you show us the output of the following:

Code:
grep PT_USERPROC /etc/csf/csf.conf
You can also grab the value of PT_USERPROC from WHM>>Plugins>>ConfigServer Security & Firewall -> Configure firewall

Essentially it's just saying that your user is running a larger than normal amount of processes, are they all cpanellogd/webalizer/statistics related or are there others?

Thanks!
Yes! with multiple accounts the same error happens
 

Infopro

Well-Known Member
May 20, 2003
17,091
516
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Or better yet, check the csf.pignore file for these entries. If they're not there, add them. You should find by searching that file, entries for webalizer_lang and cpanellogd to work with.

This one should be there and remarked out:
#pcmd:cpanellogd - (http|ftp) logs for .*

And this one could be edited to your language file:
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english

I would thnk that'll end the emails.
 
  • Like
Reactions: innovaciones