PeterTouw
Verified User
process "/usr/bin/perl /usr/sbin/csf -dr [IP.add.re.ss]" uses a lot of CPU
csf -dr [IP.add.re.ss] Unblock an IP and remove from /etc/csf/csf.deny
A year ago I added a lot of IP addresses to csf.deny because I wanted to block these permanently.
So I inserted these into csf.deny.
Entry examples:
123.123.123.123 # do not delete
124.124.124.124 # do not delete
etc.
Got this info from:
How can I permanently block IP?
Your answer is in the documentation of csf.deny:
# Note: If you add the text "do not delete" to the comments of an entry then
# DENY_IP_LIMIT will ignore those entries and not remove them
Simply append 'do not delete' somewhere on the deny line, i.e.
Code:
123.123.123.123 # do not delete
The first of June 2020 CSF started trying to delete these IP addresses from csf.deny but didn't succeed because of '# do not delete' remark.
CSF was trying this again and again with different IP addresses.
This process was very CPU intensive, about 60% CPU
Solution to stop this process
IP addresses with '# do not delete' in csf.deny
changed from
123.123.123.123 # do not delete
to
123.123.123.123 # lfd: (smtpauth)
CSF removed these changed lines immediately.
And CPU usage was normal again.
Question:
Any idea why this process, process "/usr/bin/perl /usr/sbin/csf -dr [IP.add.re.ss]", did start, does CSF wants to delete these entries after 1 year?
Didn't see this process running on my VPS before.
Thanks so far.
csf -dr [IP.add.re.ss] Unblock an IP and remove from /etc/csf/csf.deny
A year ago I added a lot of IP addresses to csf.deny because I wanted to block these permanently.
So I inserted these into csf.deny.
Entry examples:
123.123.123.123 # do not delete
124.124.124.124 # do not delete
etc.
Got this info from:
How can I permanently block IP?
How can I permanently block IP?
I know this functionality exists in CSF but when server gets hit with distributed email attack it could be hundreds of IPs every minute, CSF blocks them but doesn't take long to hit the limit which would unblock them again. Increasing the limit won't do much because there is just too many IPs...
forums.cpanel.net
# Note: If you add the text "do not delete" to the comments of an entry then
# DENY_IP_LIMIT will ignore those entries and not remove them
Simply append 'do not delete' somewhere on the deny line, i.e.
Code:
123.123.123.123 # do not delete
The first of June 2020 CSF started trying to delete these IP addresses from csf.deny but didn't succeed because of '# do not delete' remark.
CSF was trying this again and again with different IP addresses.
This process was very CPU intensive, about 60% CPU
Solution to stop this process
IP addresses with '# do not delete' in csf.deny
changed from
123.123.123.123 # do not delete
to
123.123.123.123 # lfd: (smtpauth)
CSF removed these changed lines immediately.
And CPU usage was normal again.
Question:
Any idea why this process, process "/usr/bin/perl /usr/sbin/csf -dr [IP.add.re.ss]", did start, does CSF wants to delete these entries after 1 year?
Didn't see this process running on my VPS before.
Thanks so far.