Shell Fork Bomb protection prevents the SSH/Telnet users from using the complete server resources and thereby causing a system crash. In simple words, this is a script that creates many processes quickly by using fork (). By executing this process, you will be able to prevent the system by filling up the process table to an extent where you can’t even use ‘ps’ and in this case, you won’t be able to detect who did it.
The complete process is mentioned below:
- Login to WHM with root access.
- Go to Security Center option from the navigation menu and click on Shell Fork Bomb Protection.
- Click on the ‘Shell Fork Bomb Protection’ icon.
- Click on ‘Enable Protection’ in order to enable this feature.
After the protection is enabled, the limits mentioned below are available for protecting the server:
Limit | Option | Description |
---|---|---|
200000 | -c | Limits the maximum number of core files created. |
200000 | -d | Limits the maximum size of the process’s data segment. |
200000 | -m | Limits the maximum resident set size. |
100 | -n | Limits the maximum number of open file descriptions. |
8192 | -s | Limits the maximum stack size. |
35 | -u | Limits the maximum number of processes available for a single user. |
200000 | -v | Limits the maximum volume of virtual memory available for the process. |
Note that the ‘u’ option limits the bash shell users (default for cPanel users) to 35 processes per user.
You can also execute this process through the command line:
- Login to SSH through root access.
- Execute the command mentioned below for enabling ‘Shell Fork Bomb Protection.
perl -I/usr/local/cpanel -MCpanel::LoginProfile -le ‘print [Cpanel::LoginProfile::install_profile(‘limits’)]->[1];’
- Now you have to restart the cPanel service with the command mentioned below.
# service cpanel restart
- You can also disable the Shell Form Bomb Protection with the command mentioned below.
perl -I/usr/local/cpanel -MCpanel::LoginProfile -le ‘print [Cpanel::LoginProfile::remove_profile(‘limits’)]->[1];’
- You have to again restart the cPanel service after executing this command.
# service cpanel restart
However, it is recommended to enable this feature through the WHM API. In case you need any further assistance with this process, you can get in touch with our support department.