BuycPanel Blog

BuycPanel Blog

Latest news and updates

What is the Background Process Killer?

Posted by Allura on 14 02 2018.

Overview

This interface allows the user to select processes that the system will terminate when the UPCP script calls the system maintenance script (/scripts/maintenance) every night. After the system terminates a process, it will send the user a notification via email.

 

The background process killer does not terminate processes that run from the /USR /bin directory because the system assumes that the system administrator intentionally installed programs into that directory (for example, the system administrator installed BITCHX via RPM).

In order to run the processes properly the user shall select the checkbox that corresponds to the processes that you wish to automatically terminate. It is recommended that the user shall select all of the available processes.

  • If you wish to allow specific users to run any of the processes that you have selected, enter their names in the Trusted userstext box.
  • For example, if you add username to the list, the user username can run the processes that you select.
  • You do not need to add users with a UID below 99.
  • Click Save

Processes that this Interface can be used to kill

The processes in the following list often result in denial of service attacks (DOS or DDOS) that launch from or against your server.

Malicious users often rename the process so that it is difficult to find. However, this WHM feature detects the process no matter what name it uses, and it automatically shuts the program down.

Process Description
BITCHX This is a popular command line IRC (Internet Relay Chat) client.
BNC This is a common IRC bouncer. Bouncers allow users to hide the source of their connection and route traffic through secondary locations. Hackers often use these in denial of service attacks.
EGGDROP This is a popular IRC bot. A BOT is an automated system that will execute a set of commands. In this case, the BOT executes sets of IRC commands to moderate IRC channels (chat rooms). However, attackers can use this program to create BOTNETS for denial of service attacks.
Generic Sniffers Third parties use sniffers to collect and analyze packets of information as they transmit between computers. Often, hackers use sniffers to analyze the data for encryption methods and gain access to networks to which they should not have access.
Guard Services This is an IRC bot. For more information, see the definition of EGGDROP above.
IRCD This is the daemon that enables IRC. IRC is an attractive target for malicious users, because the server typically runs for a long period of time. This allows hackers to use packet sniffers to extract information and launch attacks.
PSYBNCNC This is a popular IRC network bouncer. For more information, see the definition for BNC above for more information.
PTLINK This is an IRC server. For more information, see the definition of IRCD above.
SERVICES This is an IRC bot. For more information, see the definition of EGGDROP above.

 

Conclusion

Background Process Killer is an essential part of CPANEL. This is because it helps to terminate a particular process and the user gets a notification for the same. This article also shows the descriptions of the various processes that are related to Background process Killer.