LFD Alerts "Excessive processes running"

  • Really like the plugin, have it installed on several sites on my machine but at least once CPanel (via LFD CSF) sends me an email…

    “Excessive processes running under user xxx”
    User:xxx PID:22618 PPID:22373 Run Time:44(secs) Memory:59472(kb) exe:/usr/bin/php cmd:/usr/bin/php /home/xxx/public_html/wp-login.php

    Shortly after I get an email that my nameserver and mysql servers have gone down, then been recovered by the OS.

    I’m guessing it has something to do the mechanism Login Security Solution uses to slow down response time for suspicious attempts.. has anyone had a similar problems?

    thanks!

    https://www.ads-software.com/extend/plugins/login-security-solution/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Daniel Convissor

    (@convissor)

    Exactly. The script sleeps (so remains running) for up to 60 seconds.
    Looks like you’ll need to tell those alerts to ignore wp-login.php.

    Thread Starter Lyndon Roeller

    (@lyndonr)

    Thanks for confirming that Daniel. I’m not exactly [resolved] yet though. My problem stems from the second half of my post, the part that says…shortly after my nameserver and mysql server die.

    My web host techs think the plugin is actually crashing them. I wanted to see if anyone had had similar problems. I like the plugin and don’t want to leave it disabled for a few weeks just to see if my machine runs better.

    Perhaps the plugin is running into some PHP process time variables that need to be tweaked? It zaps my available RAM and services start crashing?

    Any thoughts would be appreciated.

    Plugin Author Daniel Convissor

    (@convissor)

    Lyndonr: What are the names and versions of your OS, web server, PHP and database system? Sounds like you’ve got some bugs going on in one or more of them.

    Thread Starter Lyndon Roeller

    (@lyndonr)

    Daniel: running a very simple (and popular) set up. it’s the VPS-2 at knownhost https://www.knownhost.com/managed-vps-packages.html

    WHM 11.36.1 (build 6)
    CentOS 6.4
    Apache/2.2.24
    PHP Version 5.3.23 (handler suphp)
    MySQL 5.5.30

    I did just notice PHP’s core memory_limit is set to 128MB, not sure what happens after that, but I wonder if it’s possible Login Security Solution is tripping that. Still it shouldn’t kill off my other services.

    thank you!

    Plugin Author Daniel Convissor

    (@convissor)

    Hi Lyndonr:

    You’re the only person mentioning these kinds of issues. The plugin has been downloaded about 50,000 times. It sounds like a problem with your hosting company’s setup. I’d look at WHM, whatever that is.

    Sorry I can’t be of more help. Keep me posted.

    –Dan

    Thread Starter Lyndon Roeller

    (@lyndonr)

    I was just throwing this out there to see if other people had experienced this problem, seems you and your 50k don’t have an issue. cool, fine.

    I had a similar problem. Our site was attacked from multiple ips and the number of current PHP processes exceeded 15000 due to the time it takes for the wp-login script to complete. PHP stopped responding.

    I have blocked access to the wp-login page for external IPs to keep the site safe from such attacks. It works but now our external authors and translators must access our VPN to edit the site.

    I have not found a mod with the option to change the location or name of the wp-login script.

    I would prefer to stop php from processing the direct login attempts. Rather than using the referrer which can be spoofed, a similar solution could be to create a page that links to the wp-login page and must be visited first. The script would set a session variable that the wp-login page checks before providing the login form or attempting to process a login request.

    Thanks for your help.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘LFD Alerts "Excessive processes running"’ is closed to new replies.