• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question CPU Red alarm level

C

Curtis1

Basic Pleskian
Hi
I have a question.

Every so often I will get a plesk alarm email indicating that the CPU Usage has changed to "red". I just looked at the last 5 that I got, spread over the last few months. In every instance, the only processes shown that are running are the same 3 processes :

csrss.exe
winlogon.exe
LogonUI.exe

Am I to believe that logon attempts are causing high CPU usage ?
If it is not me logging in, would this imply someone is trying to hack into the server and blasting it with login attempts ?

Is there some other info i can look at to see what might be causing this ?
I sort of find it hard to believe it is hack attempts, otherwise I would think it would be happening every day or at least several times a week. But i might only get these alerts maybe once a week.
Any suggestions or ideas ?
 
In case you assume someone trying to hack your server with login attempts, you should look at Event Viewer->Windows Logs->Security log.
There should be logged attempts to login to your server.

If you can find that there are lot of RDP login attempts, you can try to:
1) change default RDP port from 3389 to something unusual
2) check that Network Level Authentication is enabled for RDP. In case it is disabled Windows will try to start UI process for hacker trying to brute force attack your server. UI process wastes CPU time.
 
You must log in or register to reply here.

Similar threads

T
Issue 100% CPU
Replies
8
Views
2K
Peter Debik
P
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
2K
HHawk
HHawk
N
Issue Reconfigurator slow performance when adding DNS records
Replies
0
Views
921
nelteren
N
randypetersen
Question After upgrade PHP-FPM has high cpu usage.
Replies
6
Views
11K
Peter Debik
P
D
Issue 502 bad gateway every day at midnight (caught SIGWINCH, shutting down gracefully)
Replies
12
Views
7K
MartinT
M
Back
Top