Once, one of the employees opened a web-based email interface (usually located at https://example.com:2096), left the browser window open for a long time, and then the following messages began to arrive at the administrator’s email:
lfd on ixnfo.com: Excessive resource usage: cpanelroundcube (4606 (Parent PID:6760))
Time: Tue Jul 7 16:48:33 2020 +0300
Account: cpanelroundcube
Resource: Process Time
Exceeded: 9023 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/php/73/sbin/php-fpm
Command Line: php-fpm: pool user_cpanelroundcube
PID: 4606 (Parent PID:6760)
Killed: No
Since this behavior is normal, I just turned off notifications for the cpanelroundcube user.
To do this, in the WHM panel, I opened ConfigServer Security & Firewall> lfd – Login Failure Daemon> csf.pignore, Process Tracking (EDIT) and added the line at the end:
user:cpanelroundcube
After that, in the next window that appeared, I clicked to restart CSF.
You can also specify a line manually in the /etc/csf/csf.pignore file.
See also my articles:
- How to solve “LFD: Excessive resource usage”
- How to solve “Suspicious process running under user” and “Excessive resource usage”
- Installing and Configuring Config Server Firewall (CSF) in Ubuntu