Suspicious processes and Excessive Resources
Hi folks,
I recently had my data center update WHM/cPanel to 68.0X and I've been getting flooded with hundreds of CSF emails a day now indicating Suspicious processes and Excessive Resources, all related to webalizer for every account on my box, that I never got before.
My data center is suggesting trying increasing some of the process tracking directives for CSF.
I'm not understanding how updating cPanel should require me to tame CSF so it's not triggered as easily. I like the warnings, I'm very paranoid, but I can't help but think something is wrong, since now that cPanel has been upgraded I'm getting warnings off every site.
Wondering if someone could shed some light on this for me? I tried posting the same question on the CSF forums and not a soul will respond.
An example of the daily warnings that I get for each account on the server;
Excessive processes
User:hdelitem PID:1363165 PPID:1341933 Run Time:23(secs) Memory:79648(kb) RSS:26472(kb) exe:/usr/local/cpanel/3rdparty/perl/524/bin/perl cmd:cpanellogd - http logs for hdelitem
User:hdelitem PID:1363256 PPID:1363255 Run Time:10(secs) Memory:44512(kb) RSS:3056(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil -N 10 -D /home/hdelitem/tmp/webalizer/dns_cache.db -R 250 -p -n user -o /home/hdelitem/tmp/webalizer /etc/apache2/logs/domlogs/user.bkup
User:hdelitem PID:1363262 PPID:1363256 Run Time:9(secs) Memory:51344(kb) RSS:1988(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil -N 10 -D /home/hdelitem/tmp/webalizer/dns_cache.db -R 250 -p -n user -o /home/hdelitem/tmp/webalizer /etc/apache2/logs/domlogs/user.bkup
I would kindly like help solving this problem, because I am a beginner with cPanel and understand almost nothing. Thanks!
-
Hi @Hugo Aguiar, looking at the output, the issue doesn't appear to be specific to something that cPanel is doing, but rather that CSF is warning that cpanellogd/webalizer running under the cPanel user has excessive processes when statistics are being run. Prior to updating, did you have statistics being processed? The nature of these processes isn't something that would have changed when updating. Can you show us the output of the following:
grep PT_USERPROC /etc/csf/csf.conf
You can also grab the value of PT_USERPROC from WHM >> Plugins >> ConfigServer Security & Firewall -> Configure firewall. Essentially it's just saying that your user is running a larger than normal amount of processes. Are they all cpanellogd/webalizer/statistics related, or are there others? Thanks!
Yes! With multiple accounts the same error happens. 0 -
Hi @Hugo Aguiar Personally, I would check the value of PT_USERPROC as suggested before and increase if necessary. Thanks! 0 -
Or better yet, check the csf.pignore file for these entries. If they're not there, add them. You should find, by searching that file, entries for webalizer_lang and cpanellogd to work with. This one should be there and remarked out:
#pcmd:cpanellogd - (http|ftp) logs for .*
And this one could be edited to your language file:
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
I would think that'll end the emails. 1 -
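A way to check which processes in an alert the csf.pignore entries suggested above would actually cover (an added example, not code from this thread or from ConfigServer). The alert lines are constructed from the ones quoted here with the command line shortened, and treating a pcmd/pexe pattern as a whole-string match is an assumption:

```python
import re

# Constructed sample, modelled on the lfd alert lines quoted in this thread.
WEBALIZER = "/usr/local/cpanel/3rdparty/bin/webalizer_lang/portuguese_brazil"
ALERT = (
    "User:hdelitem PID:1363165 PPID:1341933 Run Time:23(secs) Memory:79648(kb) "
    "RSS:26472(kb) exe:/usr/local/cpanel/3rdparty/perl/524/bin/perl "
    "cmd:cpanellogd - http logs for hdelitem\n"
    "User:hdelitem PID:1363256 PPID:1363255 Run Time:10(secs) Memory:44512(kb) "
    f"RSS:3056(kb) exe:{WEBALIZER} cmd:{WEBALIZER} -N 10 -o /home/hdelitem/tmp/webalizer\n"
)
# csf.pignore as described in the reply: pcmd entry remarked out, exe entry for english.
BEFORE = """#pcmd:cpanellogd - (http|ftp) logs for .*
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
"""
# Same file with the pcmd entry uncommented and the exe entry set to the language in use.
AFTER = f"""pcmd:cpanellogd - (http|ftp) logs for .*
exe:{WEBALIZER}
"""
LINE = re.compile(r"User:(?P<user>\S+) PID:(?P<pid>\d+) .*? exe:(?P<exe>\S+) cmd:(?P<cmd>.*)")

def parse_alert(text):
    """Split each alert line into user, pid, exe and cmd fields."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def load_pignore(text):
    """Return (kind, value) pairs, skipping blank and remarked-out lines."""
    lines = (raw.strip() for raw in text.splitlines())
    return [tuple(l.split(":", 1)) for l in lines if l and not l.startswith("#") and ":" in l]

def matching_rule(proc, rules):
    """Return the first entry that covers this process, or None."""
    for kind, value in rules:
        is_regex = kind.startswith("p")      # pexe / puser / pcmd take a regex
        field = proc.get(kind[1:] if is_regex else kind)
        if field is None:
            continue
        # Assumption: regex entries must match the whole field (Python re, not Perl).
        if re.fullmatch(value, field) if is_regex else field == value:
            return f"{kind}:{value}"
    return None

def coverage(alert_text, pignore_text):
    """Map each PID in the alert to the entry that ignores it (None = still reported)."""
    rules = load_pignore(pignore_text)
    return {p["pid"]: matching_rule(p, rules) for p in parse_alert(alert_text)}

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, coverage(ALERT, conf))
```

With the file as first described, neither process is covered: the pcmd line is still a comment, and the english exe entry does not match the portuguese_brazil binary.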
After updating cPanel, I had no more problems. 0 -
Glad to hear it. ;) 0