lfd

I just installed cPanel + WHM on Almalinux 8.8. All good. I'm now securing it. I noticed its using FirewallD. Is that good or bad? I would like lfd to still automatically block hits from brute force password guessing. Can I still do that? Should I switch to csf? What is recommended?

Could be coincidental, but lfd excessive resource email started at the same time cPanel updated to 110.0.1 today. lfd on vps2.aps123.com: Excessive resource usage: rpc (676 (Parent PID:676)) Time: Tue Apr 4 16:35:31 2023 -0600 Account: rpc Resource: Process Time Exceeded: 19867 > 1800 (seconds)...

Within the last few days I have been experiencing a very high server load, to the point where the only way to reboot the server is to hard reset it. Had the hosting provider look at it and they gave me suggestions about disabling wp-cron on sites and scheduling the tasks through the cpanel...

Hello, For the past few days I have been receiving emails with the following message: Time: Sat Feb 25 20:17:35 2023 +0100 Error: Failed to detect code [Uzu5u0Wiuq8DgDhIZ0MP7H9xUNYs] in SYSLOG_LOG [var/log/messages] SYSLOG may not be running correctly on server.example.com The issue is...

Hi guys, Getting heaps of these messages. Resource: Process Time Exceeded: 63227 > 1800 (seconds) Executable: /opt/cpanel/ea-php56/root/usr/bin/php Resource: Process Time Exceeded: 149631 > 1800 (seconds) Executable: /usr/local/cpanel/3rdparty/wp-toolkit/bin/wpt-panopticon...

Hello, LFD is notifying me via email 3 or more times per day messages like below: Time: Thu Oct 27 08:39:14 2022 -0300 PID: 6479 (Parent PID:6059) Account: nobody Uptime: 119 seconds Executable: /usr/local/cpanel/cgi-sys/autodiscover.cgi Command Line (often faked in exploits)...

Hi guys, Got this alert from one of the cPanel servers (I have 2) Please advise how it should be investigated.

In my logs i'm seeing Subject: lfd on my.server.co.uk: xx.xxx.xx.xxx (GB/United Kingdom/xx.xxx.xx.xxx.dsl.in-addr.zen.co.uk) blocked with too many connections I know exactly what this is, it's a database sync between our internal server and web server. My IP is whitelisted in CSF. Any ideas...

Hello, I come to you because I received several notification emails from my VPS server entitled: LFD - Suspicious process running under user postgres Here is the content of the email I wanted to have your opinion on this subject to know if I should take this alert into account or not? Is...

Hello, I was wondering if anyone could help me with this. We keep receiving messages like this and I am concerned that something is wrong and if not, how can I stop the notifications? Many thanks Time: Mon May 2 10:04:43 2022 -0400 PID: 2072066 (Parent PID:1951773) Account...

my whm version: 100.0.7 apache+nginx+npm+php-fpm I am getting hundredes of alert email from ConfigServer Security & Firewall - csf v14.15 as follows Time: Thu Jan 27 20:29:02 2022 +0530 PID: 2656 (Parent PID:31208) Account: nobody Uptime: 92 seconds Executable: /usr/sbin/nginx...

Hi, i have a lot of lines in /var/log/secure about wptoolkit commands, like this: /var/log/secure: Dec 9 07:00:00 server sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=myuser ; COMMAND=/bin/cagefs_enter stat -c %a...

Hello, How can i disable this email notification `lfd on xxxxxxxxxxxxxxxxxxxxx: WHM/cPanel root access alert from IP xxxxxx` whenever i switch tabs? I want to receive this email only when I/someone logging in to the WHM interface. If i switch browser tab, and if i click some other menu item...

Hi All, I am aware that the following alert is coming from CSF about the php-fpm pool: The server is a brand new installation of cPanel and this is the first account that has been loaded on to the server. All configs are default for cPanel and PHP as well as CSF. Is this really actually...

Hello, CSF/LFD alerts are not being forwarded to my email which I've set on Home »Server Contacts »Edit System Mail Preferences. Where to set the From email in the WHM? Return-path: <root@ns1234> Received: from root by ns1234 with local (Exim 4.94.2) (envelope-from <root@ ns1234>) id...

Hello folks, I have a C panel hosted on Centos 7 server, it's going down frequently. getting some emails that Clamd, LFD, Spamd failing. Please refer attached screenshots Thanks

Hello, today lfd notified me a new WHM/cPanel root access to my VPS by an IP from Romania (it's not mine). When i saw the email, i logged immediately into WHM and i blocked that IP. I changed also my root password. Apparently it seems that everything works fine. My VPS has CSF installed and...

For the last couple of days I've been getting a TON of emails that lfd has failed. I had a cracker upload a backdoor script on 10/7/20 that I thought was fixed, but maybe I was wrong. I'm running WHM / cPanel v.86.0.29 because I'm still using MySQL 5.5, and no one responded on whether there is...

I have Imunfy360 installed and CSF/LDF seem to be uninstalled. I see this message "CSF is installed, but LFD is not running" in the Security Advisor output. I realize the notice is not accurate and can be safely ignore it ( I double check for CSF/LDF via SSH, not installed ). Anything I can...

Hi I am having this annoying issue with LFD flagging LiteSpeed as running under nobody and using excessive resources etc. I've tried adding it to ignore list in WHM using the following regex but it isn't taking. Does anybody have any other suggestions? pexe:^/usr/local/lsws/bin/lshttpd.*$