Background Process Killer
Posted by Matthew Jeffels, Last modified by Matthew Jeffels on 29 December 2016 01:07 PM

Background Process Killer

This interface allows you to select processes that will be terminated when the update script (upcp) calls the system maintenance script every night. Once the system has terminated a process it will send you a notification via email.

This feature will not kill process that run from the /usr/bin directory. This is because it assumes that the system administrator intentionally installed the programs into that directory.

Setup the Process Killer

To setup the process killer you will need to do the following;

Select the checkbox that corresponds to the processes that you wish to have the process killer automatically terminate, it is recommended by WHM & cPanel that you select all of the available processes.

If you wish to allow specific users to run any of the processes that you have selected enter their names into the trusted users textbox.

For example if you add "username" to the list, the user "username" will be able to run the process that you have selected.
You do not need to add users that have a UID that is below 99.

Finally click "Save" to update your changes.

Processes that this Feature can Kill

The processes in the following section often result in a denial of service attacks (DoS or DDoS) that is launched from or against your server.

Malicious users will often rename the process so that it is difficult to find. However this feature will detect the process no matter what name that it is using, and then automatically shut the program down.

Some of the common processes include;

BitchX - This is a popular command line IRC (Internet Relay Chat) client.
bnc - This is a common IRC bouncer. Bouncers allow users to hide the source of their connection and route traffic through secondary locations. Hackers often use these in denial of service attacks.
eggdrop - This is a popular IRC bot. A bot is an automated system that will execute a set of commands. In this case, the bot executes sets of IRC commands to moderate IRC channels (chat rooms). However, attackers can use this program to create botnets for denial of service attacks.
generic-sniffers - Third parties use sniffers to collect and analyze packets of information as they transmit between computers. Often, hackers use sniffers to analyze the data for encryption methods and gain access to networks to which they should not have access.
guardservices - This is an IRC bot. For more information, see the definition of eggdrop above.
ircd - This is the daemon that enables IRC. IRC is an attractive target for malicious users, because the server typically runs for a long period of time. This allows hackers to use packet sniffers to extract information and launch attacks.
psyBNC - This is a popular IRC network bouncer. For more information, see the definition for bnc above for more information.
ptlink - This is an IRC server. For more information, see the definition of ircd above.
services - This is an IRC bot. For more information, see the definition of eggdrop above.

Thanks

Matt Jeffels
PAC Web Hosting

(0 vote(s))
Helpful
Not helpful

Comments (0)