![cpanel whm package cannot use due to limit cpanel whm package cannot use due to limit](https://docs.litespeedtech.com/imgs/cp/cpanel/whm-litespeed-plugin/whm-v4.1.0.0-cpanel-plugin-settings-enable-ec-cert-gen-800.png)
![cpanel whm package cannot use due to limit cpanel whm package cannot use due to limit](https://docs.whmcs.com/img_auth.php/c/c7/Cpanel3.png)
In this case, the following directory was ignored: /tmp/lshttpd/.rtreport* The csf.ignore File and Legitimate IP Blocks This command added the process and restarted the firewall with the new rules.Īnother similar case involved Litespeed's stats plugins dumping to a dedicated /tmp directory /tmp/lshttpd/.rtreport. Doing so meant adding the process to the csf.fignore file like so: echo "/tmp\/pma_template_compiles_*" > /etc/csf/csf.fignore csf -ra Since all of these files were being created under a directory used solely for them, and because nothing else requiring monitoring existed under that directory, ignoring the entire directory recursively was the best option. While this doesn't lead to any direct issues with cPanel & WHM itself, it's contrary to the behavior seen in applications such as Horde and Roundcube where temporary files are stored in the /home/$user/tmp/ directory.īecause CSF/LFD monitors the /tmp directory for suspicious files, this change resulted in false positives alerts with the subject "Suspicious File Alert" referencing files located under the directory matching the pattern "/tmp\/pma_template_compiles_*" where * represents the cPanel account username that accessed PHPMyAdmin via cPanel.
![cpanel whm package cannot use due to limit cpanel whm package cannot use due to limit](https://www.oderland.se/support/wp-content/uploads/2019/07/new_account_accountlimit-1.png)
Internal case CPANEL-23314 is open to address an issue in cPanel & WHM version 76 where accessing phpMyAdmin as a cPanel user leads to the creation of pma_template_compiles_$user files in the system's /tmp directory.
#Cpanel whm package cannot use due to limit update
For example, a recent cPanel update temporarily changed where PHPMyAdmin temporary files were stored. This file's purpose is to list directories that the LFD directory watching feature should ignore. The cPanel update logs are located here: /var/cpanel/updatelogs/ The csf.fignore file and Legitimate Directory Content AlertsĬSF/LFD also contains a csf.fignore file that can be accessed the same way that the csf.pignore file is. The yum update log is located here: /var/log/yum.log You can search the yum update log and the cPanel update logs for entries suggesting updates to these binaries just prior to these alerts having been sent. You must determine if these binaries were changed due to updates or via some other means. If the change is unexpected it should be investigated: This could be a result of an OS update or application upgrade. This means that the file has been changed in some way. One must first determine if this is the case before ignoring the email.Īn example email may be one such as the following, which one may receive following an automatic cPanel update: The following list of files have FAILED the md5sum comparison test. This is not always a false positive, so please don't automatically ignore this alert! This mostly is a false positive and the results of updates that have updated packages. One such case of this is with SpamAssassin (see spamd below). The executable is usually best to whitelist when considering the executable versus the command, but if the executable changes often, you may be better to whitelist the command. If the process is one of those that will underrun under its own user, such as postgres, then it should be fine to add the postgres username to the ignore file. To determine whether it is best to ignore the user, the executable, or the command, you should know a little bit about the process. You can either do this from SSH or via WHM.
![cpanel whm package cannot use due to limit cpanel whm package cannot use due to limit](https://blacknight.blog/wp-content/uploads/2020/09/cpanel-whm-settings-to-change-on-a-dedicated-server.png)
To stop the notifications, all you need to do is add either the executable, the command, or the user (depending on the type of notification received) to the firewall's process ignore file located at /etc/csf/csf.pignore and then restart the firewall. In fact, it is best to disable them so that when alerts are sent from the firewall, your inbox won't be inundated with false positives making you less likely to notice those important alerts that could indicate something more serious. The good thing is that you don't have to continue to receive these alerts. This list is specific to cPanel servers running CSF/LFD firewall. That is why cPanelCentral has compiled a list of some common alerts that are mostly false positives and provided the instructions for stopping the notifications. It is worrisome when you receive a notification from the firewall regarding a suspicious process, especially for those processes that you do not readily recognize.