Hi folks,
I recently had my datacenter update WHM/Cpanel to 11.36X and I've been getting flooded with hundreds of emails a day now indicating Suspicious processes and Excessive processes all related to webalizer for every account on my box.
My data center is suggesting trying increasing some of the process tracking directives for CSF.
I'm not understanding how updating Cpanel should require me to tame CSF so it's not triggered as easily. I like the warnings, I'm very paranoid, but I can't help but to think something is wrong since now that Cpanel has been upgraded I'm getting warnings off every site.
Wondering if someone could shed some light on this for me?
An example of the daily warnings that I get for each account on the server:
Excessive processes
<snippet>
User:finsnet PID:4958 PPID:25884 Run Time:37504041(secs) Memory:105440(kb) exe:/usr/local/cpanel/3rdparty/perl/514/bin/perl cmd:cpanellogd - http logs for finsnet
User:finsnet PID:4959 PPID:4958 Run Time:45(secs) Memory:3792(kb) exe:/usr/local/cpanel/bin/cpuwatch cmd:/usr/local/cpanel/bin/logrunner 12.0 /usr/local/cpanel/3rdparty/bin/webalizer_lang/english -N 10 -D /home/finsnet/tmp/webalizer/dns_cache.db -R 250 -p -n finsandfurnet -o /home/finsnet/tmp/webalizer /usr/local/apache/domlogs/finsandfurnet
User:finsnet PID:4960 PPID:4959 Run Time:45(secs) Memory:41204(kb) exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english -N 10 -D /home/finsnet/tmp/webalizer/dns_cache.db -R 250 -p -n finsandfurnet -o /home/finsnet/tmp/webalizer /usr/local/apache/domlogs/finsandfurnet
--------------------------------------------------
Suspicious process
<snippet>
Executable:
/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
Command Line (often faked in exploits):
/usr/local/cpanel/3rdparty/bin/webalizer_lang/english -N 10 -D /home/finsnet/tmp/webalizer/dns_cache.db -R 250 -p -n finsandfurnet -o /home/finsnet/tmp/webalizer /usr/local/apache/domlogs/finsandfurnet
Network connections by the process (if any):
udp: xx.xxx.xxx.xxx:xxxxx -> xxx.xx.xxx.x:xx
Files open by the process (if any):
/home/domlogs/finsandfurnet
/var/cpanel/locale/en.cdb
/home/finsnet/tmp/webalizer/dns_cache.db
Webalizer problems after cpanel update
Re: Webalizer problems after cpanel update
Nobody can help me?
Did I just expose a bug that no one has had the chance to explore yet and patch, or did I just ask a really stupid question that doesn't deserve a reply?
Re: Webalizer problems after cpanel update
Check your CSF.PIGNORE file for these lines:
exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
If you don't have any of them, add them and restart LSF.
Sergio
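An added example, not part of the original thread: a small Python check that compares the executables named in lfd alert text against the `exe:` entries of a csf.pignore file, so only the entries that are actually needed get ignored. It assumes exact full-path matching of `exe:` entries only; the function names and the trimmed sample data are constructed for illustration.

```python
import re

# Constructed csf.pignore excerpt: the two exe: lines suggested in the reply above.
SAMPLE_PIGNORE = """\
# constructed sample
exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
"""

# Constructed alert text, trimmed from the lfd e-mails quoted in the first post.
SAMPLE_ALERT = """\
User:finsnet PID:4958 PPID:25884 exe:/usr/local/cpanel/3rdparty/perl/514/bin/perl cmd:cpanellogd - http logs for finsnet
User:finsnet PID:4959 PPID:4958 exe:/usr/local/cpanel/bin/cpuwatch cmd:/usr/local/cpanel/bin/logrunner 12.0
User:finsnet PID:4960 PPID:4959 exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english cmd:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english -N 10
Executable:
/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
"""

def pignore_exes(pignore_text):
    """Paths listed as exe: entries; comments, blanks and other entry types are skipped."""
    return [l.strip()[4:].strip() for l in pignore_text.splitlines()
            if l.strip().startswith("exe:")]

def alerted_exes(alert_text):
    """Executable paths named in 'exe:' fields and after an 'Executable:' line."""
    paths = re.findall(r"\bexe:(\S+)", alert_text)
    lines = alert_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.strip() == "Executable:":
            paths.append(lines[i + 1].strip())
    return list(dict.fromkeys(paths))  # de-duplicate, keep first-seen order

def audit(alert_text, pignore_text):
    """Map each alerted executable to True if an exe: entry lists it.
    Assumption: exact full-path comparison, no pattern entries."""
    ignored = set(pignore_exes(pignore_text))
    return {p: p in ignored for p in alerted_exes(alert_text)}

def unmatched_entries(alert_text, pignore_text):
    """exe: entries that match nothing in the alerts (candidates to leave out)."""
    seen = set(alerted_exes(alert_text))
    return [p for p in pignore_exes(pignore_text) if p not in seen]

if __name__ == "__main__":
    for path, covered in audit(SAMPLE_ALERT, SAMPLE_PIGNORE).items():
        print("ignored " if covered else "ALERTING", path)
    for path in unmatched_entries(SAMPLE_ALERT, SAMPLE_PIGNORE):
        print("no alert matches entry:", path)
```

On the sample data, only the `webalizer_lang/english` path is both alerted and listed; the other suggested entry matches no alerted executable.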
Re: Webalizer problems after cpanel update
Thanks a ton Sergio.
Do I really want to ignore them though?
Were they ignored before I upgraded Cpanel? And if so, how would they get off my CSF ignore file?
I know I might look stupid, but I just want to make sure I'm not disabling alerts for this when it's an actual problem since it's never occurred before, and now occurs every day.
I appreciate your assistance.
Re: Webalizer problems after cpanel update
I was just informed that these did not exist on previous versions of Cpanel...so that would answer my question.
Thanks Sergio
Re: Webalizer problems after cpanel update
Glad it worked for you.
Sergio