Control Web Panel
WebPanel => CentOS 7 Problems => Topic started by: venty on September 27, 2017, 07:49:00 AM
-
Hi,
For several days I received four messages with the following titles on a regular basis
lfd on hosting.mydom.com: Suspicious process running under user memcached
lfd on hosting.mydom.com: Suspicious process running under user redis
lfd on hosting.mydom.com: Excessive resource usage: memcached (15470 (Parent PID:15470))
lfd on hosting.mydom.com: Excessive resource usage: redis (31787 (Parent PID:31787))
Pls, help...
BR
Venty
-
You can safely ignore that warning from LFD if you verify the process is legitimate. :)
-
I apologize ...
Is it possible for more detailed guidelines for this indication of a legitimate process or where can I read to do it ...
Thanks in advance...
BR
Venty
-
You are the only one who should know what you have installed on your server and mark them as legit if it was installed by you.
You can whitelist that process in this file, you have examples there also
/etc/csf/csf.pignore
Restart lfd after these changes:
service lfd restart
-
Hi,
thank you very much!
where to find the file /etc/csf/csf.pignore and how to edit?
BR
Venty
-
SSH to your server.....
and at the prompt type:
nano /etc/csf/csf.pignore
The file will open for editing....
-
Hi,
thank you very much!
I already knew how to access it, but what did I add to it?
Thanks in advance!
BR
Venty
-
You are the only one who should know what you have installed on your server and mark them as legit if it was installed by you.
You can whitelist that process in this file, you have examples there also
/etc/csf/csf.pignore
Restart lfd after these changes:
service lfd restart
I'm having the same issue:
Excessive resource usage: memcached (929 (Parent PID:929))
Excessive resource usage: redis (931 (Parent PID:931))
Excessive resource usage: rpc (646 (Parent PID:646))
How do I get rid of these?
You say to "ignore", which I tried, but I'm thinking, why should we ignore it? The excessiveness is being caused for a reason, and excessive actions are not normal; they need to be fixed. Suppressing these messages will not resolve the issue.
So what is the fix please, since your suggested method does not work, as I still keep getting these.
Pls don't say I should know if these are legit processes; you were the guys who installed it, not me.
Thanks kindly for your time
-
Isn't there any staff that can help fix this mess they created?
-
Well, aren't you gonna reply? I paid for this thing, can someone with some decency reply with a fix please?
-
1. SSH access your server
2. nano /etc/csf/csf.pignore
3. These are the entries I've added for redis:
exe:/usr/bin/redis-server
4. For memcached look at the warning you got in email and put the executable line with a "exe:" before it.
Tell me if it helped.
-
I've tried those, mate, don't work
-
Have you restarted lfd after that?
-
Check the csf documentation on how to add those in pignore.
And did you notice any high usage by these resources? Or were you just triggered by the emails?
-
You are the only one who should know what you have installed on your server and mark them as legit if it was installed by you.
You can whitelist that process in this file, you have examples there also
/etc/csf/csf.pignore
Restart lfd after these changes:
service lfd restart
That's the same useless replies you always give man...
YOU were the ones that installed the server, NOT US.. so how are we supposed to know... why can't you just answer the question? Do you know how frustrating it is when you're so vague and useless to support us who paid you?
FFS
-
1. SSH access your server
2. nano /etc/csf/csf.pignore
3. These are the entries I've added for redis:
exe:/usr/bin/redis-server
4. For memcached look at the warning you got in email and put the executable line with a "exe:" before it.
Tell me if it helped.
That only ignores it, but does not stop it from happening..
The question we are ALL asking, why does it happen in the first place so we can narrow down the cause and stop it.
But none of the staff here can be bothered to help... It's so frustrating.
-
If anyone wants the answer to this see here - https://www.interserver.net/tips/kb/disable-lfd-excessive-resource-usage-alert/
-
First I use CWP Pro
1. In CWP go to ConfigServer Scripts > ConfigServer firewall > lfd - Login Failure Daemon
2. Select and edit csf.pignore - add this line
exe:/usr/bin/memcached
Attention: /bin, not /sbin
-
For anyone else with this problem: in the file manager, go to /etc/csf/csf.pignore. Add 'exe:/usr/bin/memcached' to stop the emails. You have to run 'service lfd restart', or reboot the server, whichever is easier.
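-
The thread says to ignore a process only once you have verified it is legitimate. The following is an added example, not part of any post above, that resolves the PID from an lfd alert subject to its real binary and owning package before producing the csf.pignore line. The function names are hypothetical, and it assumes an RPM-based system such as the CentOS 7 hosts discussed here.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.
# Usage after sourcing: inspect_pid "$(lfd_alert_pid "<alert subject>")"

# Extract the PID from an lfd subject such as
#   "Excessive resource usage: memcached (15470 (Parent PID:15470))"
lfd_alert_pid() {
    printf '%s\n' "$1" |
        sed -n 's/.*(\([0-9][0-9]*\) (Parent PID:[0-9][0-9]*)).*/\1/p'
}

# Build the csf.pignore "exe:" line for a resolved executable path.
# Refuses relative paths and binaries deleted or replaced on disk
# (the kernel appends " (deleted)" to the /proc/PID/exe target then).
pignore_entry() {
    case "$1" in
        *" (deleted)") echo "refusing, binary deleted/replaced: $1" >&2; return 1 ;;
        /*) printf 'exe:%s\n' "$1" ;;
        *) echo "refusing, not an absolute path: $1" >&2; return 1 ;;
    esac
}

# Append ENTRY to the ignore file unless that exact line already exists.
add_pignore_entry() {
    local entry="$1" file="${2:-/etc/csf/csf.pignore}"
    grep -qxF -- "$entry" "$file" 2>/dev/null || printf '%s\n' "$entry" >> "$file"
}

# Show what a flagged PID really is before trusting it: owner, CPU, memory,
# uptime, command line, and the RPM package that owns the binary.
inspect_pid() {
    local pid="$1" exe
    exe=$(readlink "/proc/$pid/exe") || { echo "PID $pid is not running" >&2; return 1; }
    ps -o user=,pid=,pcpu=,rss=,etime=,args= -p "$pid"
    rpm -qf "$exe" || echo "WARNING: no installed package owns $exe" >&2
    pignore_entry "$exe"
}
```

Run it as root, since /proc/PID/exe of another user's process is not readable otherwise. Pass the printed line to add_pignore_entry only after the owner, path and package look right, then restart lfd.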