Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Suspicious processes and Excessive Resources

Discussion in 'General Discussion' started by Hugo Aguiar, May 4, 2018.

  1. Hugo Aguiar

    Hugo Aguiar Member

    Joined:
    Apr 5, 2018
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    brasil
    cPanel Access Level:
    Root Administrator
    Hi folks,
    I recently had my data center update WHM/Cpanel to 68.0X and I've been getting flooded with hundreds of CSF emails a day now indicating Suspicious processes and Excessive Resources all related to webalizer for every account on my box, that I never got before.

    My data center is suggesting trying increasing some of the process tracking directives for CSF.
    I'm not understanding how updating Cpanel should require me to tame CSF so it's not triggered as easily. I like the warnings, I'm very paranoid, but I cant help but to think something is wrong since now that Cpanel has been upgraded I'm getting warnings off every site.

    Wondering if someone could shed some light on this for me? I tried posting the same question on the CSF forums and not a sole will respond.

    An example of the daily warnings that I get for each account on the server;
    Excessive processes
    Code:
    User:hdelitem PID:1363165 PPID:1341933 Run Time:23(secs) Memory:79648(kb) RSS:26472(kb) exe:/usr/local/cpanel/3rdparty/perl/524/bin/perl cmd:cpanellogd - http logs for hdelitem
    User:hdelitem PID:1363256 PPID:1363255 Run Time:10(secs) Memory:44512(kb) RSS:3056(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil -N 10 -D /home/hdelitem/tmp/webalizer/dns_cache.db -R 250 -p -n user -o /home/hdelitem/tmp/webalizer /etc/apache2/logs/domlogs/user.bkup
    User:hdelitem PID:1363262 PPID:1363256 Run Time:9(secs) Memory:51344(kb) RSS:1988(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil -N 10 -D /home/hdelitem/tmp/webalizer/dns_cache.db -R 250 -p -n user -o /home/hdelitem/tmp/webalizer /etc/apache2/logs/domlogs/user.bkup
    
    I would like to kindly help me solve this problem because I am a beginner with cpanel and I do not understand almost anything, thanks!
     
    #1 Hugo Aguiar, May 4, 2018
    Last edited by a moderator: May 4, 2018
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,851
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Hugo Aguiar

    Looking at the output the issue doesn't appear to be specific to something that cPanel is doing but rather that CSF is warning that cpanellogd/webalizer running under the cPanel user has excessive processes when statistics are being run. Prior to updating did you have statistics being processed? The nature of these processes isn't something that would have changed when updating. Can you show us the output of the following:

    Code:
    grep PT_USERPROC /etc/csf/csf.conf 
    You can also grab the value of PT_USERPROC from WHM>>Plugins>>ConfigServer Security & Firewall -> Configure firewall

    Essentially it's just saying that your user is running a larger than normal amount of processes, are they all cpanellogd/webalizer/statistics related or are there others?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Hugo Aguiar

    Hugo Aguiar Member

    Joined:
    Apr 5, 2018
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    brasil
    cPanel Access Level:
    Root Administrator
    Yes! with multiple accounts the same error happens
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,851
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Hugo Aguiar

    Personally, I would check the value of PT_USERPROC as suggested before and increase if necessary.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,261
    Likes Received:
    390
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Or better yet, check the csf.pignore file for these entries. If they're not there, add them. You should find by searching that file, entries for webalizer_lang and cpanellogd to work with.

    This one should be there and remarked out:
    #pcmd:cpanellogd - (http|ftp) logs for .*

    And this one could be edited to your language file:
    exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english

    I would thnk that'll end the emails.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Hugo Aguiar

    Hugo Aguiar Member

    Joined:
    Apr 5, 2018
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    brasil
    cPanel Access Level:
    Root Administrator
    Depois de atualizar o cpanel, não tive mais problemas
     
    Infopro likes this.
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,261
    Likes Received:
    390
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Feliz em ouvir. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice