Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

ConfigServer eXploit Scanner (CXS) eating too much CPU
New on LowEndTalk? Please Register and read our Community Rules.

ConfigServer eXploit Scanner (CXS) eating too much CPU

yogeshzadeyogeshzade Member
in Help

I am using CXS antimalware (https://configserver.com/cp/cxs.html) from last two months. It's performing well for my Shared Hosting server but overeating CPU. Is there anyone facing the same issue?

Comments

  • TheLinuxBugTheLinuxBug Member
    edited November 2018

    Have you reviewed the logs? Generally this means you have some set of files that keep being uploaded / updated or a folder with large amounts of file changes which it keeps having to scan. If you check the logs for it, you should be able to see this and you can exclude specific folders/files in the cxs.conf file and restart cxswatch to calm some of the load you are seeing.

    Cheers!

    Thanked by 2yogeshzade coreflux
  • yogeshzadeyogeshzade Member

    @TheLinuxBug said:
    Have you reviewed the logs? Generally this means you have some set of files that keep being uploaded / updated or a folder with large amounts of file changes which it keeps having to scan. If you check the logs for it, you should be able to see this and you can exclude specific folders/files in the cxs.conf file and restart cxswatch to calm some of the load you are seeing.

    Cheers!

    Is https://www.imunify360.com best ?

  • TheLinuxBugTheLinuxBug Member
    edited November 2018

    @yogeshzade said:

    @TheLinuxBug said:
    Have you reviewed the logs? Generally this means you have some set of files that keep being uploaded / updated or a folder with large amounts of file changes which it keeps having to scan. If you check the logs for it, you should be able to see this and you can exclude specific folders/files in the cxs.conf file and restart cxswatch to calm some of the load you are seeing.

    Cheers!

    Is https://www.imunify360.com best ?

    I have no idea what you are asking here, but I think the default log path for CXSwatch is /var/log/cxswatch.log you should review the log and find which items / folders are continually being re-scanned over and over again and exclude them in /etc/cxs/cxs.ignore adding entries like:

    file:/home/user/public_html/file.exe
file:/home/user/public_html/mmm5k/file1.tar.gz
file:/home/user/public_html/public/file18.zip

etc.

    It will even give you warnings about this in the log, like:

    Nov  1 12:30:25  cxswatch[2681356]: WARNING: '/home/user/public_html/domain.com/wp-content/cache/preload_permalink.txt' scanned 6 times in the last 30 seconds, you might want to ignore this resource

    Cheers!

    Thanked by 1yogeshzade
  • yogeshzadeyogeshzade Member

    @TheLinuxBug said:

    @yogeshzade said:

    @TheLinuxBug said:
    Have you reviewed the logs? Generally this means you have some set of files that keep being uploaded / updated or a folder with large amounts of file changes which it keeps having to scan. If you check the logs for it, you should be able to see this and you can exclude specific folders/files in the cxs.conf file and restart cxswatch to calm some of the load you are seeing.

    Cheers!

    Is https://www.imunify360.com best ?

    I have no idea what you are asking here, but I think the default log path for CXSwatch is /var/log/cxswatch.log you should review the log and find which items / folders are continually being re-scanned over and over again and exclude them in /etc/cxs/cxs.ignore adding entries like:

    > file:/home/user/public_html/file.exe
> file:/home/user/public_html/mmm5k/file1.tar.gz
> file:/home/user/public_html/public/file18.zip
> 
> etc.
>

    It will even give you warnings about this in the log, like:

    > Nov  1 12:30:25  cxswatch[2681356]: WARNING: '/home/user/public_html/domain.com/wp-content/cache/preload_permalink.txt' scanned 6 times in the last 30 seconds, you might want to ignore this resource
>

    Cheers!

    Thank you so much for your detailed instructions. But I was asking you that instead of CXS I am thinking to go with https://www.imunify360.com, I believe there is only one way to reduce the server load.

  • TheLinuxBugTheLinuxBug Member
    edited November 2018

    yogeshzade said: Thank you so much for your detailed instructions. But I was asking you that instead of CXS I am thinking to go with https://www.imunify360.com, I believe there is only one way to reduce the server load.

    Well, seeing as we employ CXS on all of the cPanel shared servers we run at the company I work for and we don't seem to run into server load issues, unless what I suggested above is happening, I can't suggest another product as we haven't had a need to look for another solution. Generally, if you review and configure CXS correctly you shouldn't have any wild load issues caused by it. I would bet, as mentioned before, that you have some paths that have files constantly updating that you need to exclude and it would likely stop the load issue you are seeing.

    Cheers!

    Thanked by 3yogeshzade hostdare coreflux
Sign In or Register to comment.