Background Process Killer
Valid for versions 82 through the latest version
Version:
82
Last modified: June 13, 2024
Looking for this interface?
Your hosting provider can enable or disable this interface for resellers in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).
Overview
This interface allows you to select processes that the system will terminate when the upcp
script calls the system maintenance script (/scripts/maintenance
) every night. After the system terminates a process, it will send you a notification via email.
The background process killer does not terminate processes that run from the /usr/bin
directory because the system assumes that the system administrator intentionally installed programs into that directory (for example, the system administrator installed BitchX
via package).
Setup the process killer
- Select the checkbox that corresponds to the processes that you wish to automatically terminate.
Note:
We recommend that you select all of the available processes.
- If you wish to allow specific users to run any of the processes that you have selected, enter their names in the Trusted users text box.
- For example, if you add
username
to the list, the userusername
can run the processes that you select. - You do not need to add users with a UID below 99.
- For example, if you add
- Click Save.
Processes that this feature can kill
The processes in the following list often result in denial of service attacks (DoS or DDoS) that launch from or against your server.
Malicious users often rename the process so that it is difficult to find. However, this WHM feature detects the process no matter what name it uses, and it automatically shuts the program down.
Process | Description |
---|---|
BitchX |
This is a popular command line IRC (Internet Relay Chat) client. |
bnc |
This is a common IRC bouncer. Bouncers allow users to hide the source of their connection and route traffic through secondary locations. Hackers often use these in denial of service attacks. |
eggdrop |
This is a popular IRC bot. A bot is an automated system that will execute a set of commands. In this case, the bot executes sets of IRC commands to moderate IRC channels (chat rooms). However, attackers can use this program to create botnets for denial of service attacks. |
generic-sniffers |
Third parties use sniffers to collect and analyze packets of information as they transmit between computers. Often, hackers use sniffers to analyze the data for encryption methods and gain access to networks to which they should not have access. |
guardservices |
This is an IRC bot. For more information, see the definition of eggdrop above. |
ircd |
This is the daemon that enables IRC. IRC is an attractive target for malicious users, because the server typically runs for a long period of time. This allows hackers to use packet sniffers to extract information and launch attacks. |
psyBNC |
This is a popular IRC network bouncer. For more information, see the definition for bnc above for more information. |
ptlink |
This is an IRC server. For more information, see the definition of ircd above. |
services |
This is an IRC bot. For more information, see the definition of eggdrop above. |