CPanel Fork Bomb Protection

The cPanel Fork Bomb Protection feature modifies the following files:

/etc/bashrc
/etc/profile
/etc/profile.d/limits.sh
/etc/profile.d/limits.csh

It will append the following lines to the files:

#cPanel Added Limit Protections -- BEGIN

#unlimit so we can run the whoami
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

LIMITUSER=$USER
if [ -e "/usr/bin/whoami" ]; then
        LIMITUSER=`/usr/bin/whoami`
fi
if [ "$LIMITUSER" != "root" ]; then
        ulimit -n 100 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
else
        ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
fi
#cPanel Added Limit Protections -- END

And the following to the csh profile script:

#cPanel Added Limit Protections -- BEGIN
setenv LIMITUSER $USER
if ( -e /usr/bin/whoami ) then
        setenv LIMITUSER `whoami`
endif
if ( "$LIMITUSER" != "root" ) then
        limit descriptors 100
        limit maxproc 35
        limit memoryuse 200000
        limit datasize 200000
        limit stacksize 8192
        limit coredumpsize 200000
else
        limit descriptors 4096
        limit maxproc 14335
        limit memoryuse unlimited
        limit datasize unlimited
        limit stacksize 8192
        limit coredumpsize 1000000
endif
#cPanel Added Limit Protections -- END

This will cause non-root users to have a limit on certain resources as listed below.

Fork Bomb Protection Disabled	Fork Bomb Protection Enabled
leo@webtwo:/home/leo% ulimit -a -t: cpu time (seconds) unlimited -f: file size (blocks) unlimited -d: data seg size (kbytes) unlimited -s: stack size (kbytes) 10240 -c: core file size (blocks) 0 -m: resident set size (kbytes) unlimited -u: processes 1024 -n: file descriptors 1024 -l: locked-in-memory size (kb) 64 -v: address space (kb) unlimited -x: file locks unlimited -i: pending signals 513812 -q: bytes in POSIX msg queues 819200 -e: max nice 0 -r: max rt priority 0	leo@webtwo:/home/leo% ulimit -a -t: cpu time (seconds) unlimited -f: file size (blocks) unlimited -d: data seg size (kbytes) 200000 -s: stack size (kbytes) 8192 -c: core file size (blocks) 200000 -m: resident set size (kbytes) 200000 -u: processes 35 -n: file descriptors 100 -l: locked-in-memory size (kb) 64 -v: address space (kb) unlimited -x: file locks unlimited -i: pending signals 513812 -q: bytes in POSIX msg queues 819200 -e: max nice 0 -r: max rt priority 0

Fork Bomb Protection Disabled

Fork Bomb Protection Enabled

leo@webtwo:/home/leo% ulimit -a
-t: cpu time (seconds)         unlimited
-f: file size (blocks)         unlimited
-d: data seg size (kbytes)     unlimited
-s: stack size (kbytes)        10240
-c: core file size (blocks)    0
-m: resident set size (kbytes) unlimited
-u: processes                  1024
-n: file descriptors           1024
-l: locked-in-memory size (kb) 64
-v: address space (kb)         unlimited
-x: file locks                 unlimited
-i: pending signals            513812
-q: bytes in POSIX msg queues  819200
-e: max nice                   0
-r: max rt priority            0

leo@webtwo:/home/leo% ulimit -a
-t: cpu time (seconds)         unlimited
-f: file size (blocks)         unlimited
-d: data seg size (kbytes)     200000
-s: stack size (kbytes)        8192
-c: core file size (blocks)    200000
-m: resident set size (kbytes) 200000
-u: processes                  35
-n: file descriptors           100
-l: locked-in-memory size (kb) 64
-v: address space (kb)         unlimited
-x: file locks                 unlimited
-i: pending signals            513812
-q: bytes in POSIX msg queues  819200
-e: max nice                   0
-r: max rt priority            0

v t e Linux

Various Linux Notes	/etc/fstab Access.conf ACL Apache Proxy to Internal Server APM X-C1 (Mustang) ARP Authselect Bash Scripting Blockparser Booting Linux without a Graphics Card Building Container Images Burning CD/DVD in Linux Clear RAID Signatures on Linux Cobbler Colorized Terminal Outputs Compiling MIPS Configure Sendmail CPanel CPanel Fork Bomb Protection CPU Frequency Scaling Create a Linux User with an Empty Password Cron and PAM Issues Dell OpenManage Diff Two Command Outputs DirectAdmin Disable Filesystem Check on Startup DNS Ad Blocker Driver Disk Drop caches End / Home keys don't work in Terminal Entropy in the Linux Kernel Entropy Source using RTL-SDR Exit Codes Extract .exe Resources with dd File Attributes Fixing ixgbe unsupported SFP+ module type was detected Get Active Linux Virtual Console Getting Hardware UUID Hosts.deny How to change Linux desktop user directories How to hot-swap SATA disks on Linux HP Smart Storage Administrator Hyper-threading IBM Spectrum Archive IBM Spectrum Protect IBM Tape IBM Tape Diagnostic Tool InterWorx Kerberize NFS Kerberize SSH Linux Clustering Linux Fonts Linux Namespaces Linux Network Interface Naming Linux Nvidia Driver Linux Process Accounting Linux Uptime in Seconds Linux UTF-8 Font Mainline Kernel on CentOS 7 Missing Fonts Mod fastcgi Install on Apache 2 / cPanel Mod fcgid Monitoring network traffic in Linux Mounting / Unmounting KVM Image Mounting Samba (CIFS) shares Multiple Networks on Linux MySQL Database with Hash Sign No Console Output Number of Files Opened Open OnDemand Packing and unpacking initrd PAM Issues Partition Alignment Patching a binary file with dd Perl Module Location Raspberry Pi Red Hat kickstart Red Hat to Debian Reverse SSH Tunnel Ruby on Rails under cPanel Rutorrent + rtorrent Installation Guide on CentOS 6.4 Self Signed SSL Certificates Service Management Sick Beard StartSSL Free Certificate Symlink Taking a Screenshot in X11 Timezone Tor TOR Transparent Proxy Traefik Troubleshooting a Slow Linux System Turning on swap with a page file Udev Rules Verify SSL Certificate matches Private Key VMware Workstation Webcam X Display Manipulation X Forwarding

Linux Tools and Utilites	Anaconda Ansible Aria2 Autofs Awk Badblocks Bash Shell Binwalk Bosh Ceph Chntpw Chrony Clonezilla Cloud-init CloudStack Column Cron Curl Cvs2git Date Dbus Dd Dm-crypt Dovecot DRBD ElasticSearch Enroot Environment Module Envsubst Fail2ban FFmpeg Find Firecracker Flashrom Foreman FortiClient Fswebcam Galaxy Git Gnome Gobetween GPFS Grafana Grub Hdparm Home Assistant How to disable SELinux Htaccess Infiniband InfluxDB InfluxDB 1.x Insert a kickstart file into a iso image Inspircd IOzone Iperf3 Ipmitool Irqbalance John The Ripper Lightdm Lm sensors Logrotate LSF LVM Lynx Mailx Md5sum Mdadm Midnight Commander Motion Mount Mutt Nomad OpenLDAP Openocd OpenSSL OpenVPN Packer PHP Pi-hole Postgres PowerBroker Identity Service Proxmox Pueue PulseAudio Puppet Quota Red Hat Satellite Restic Rsync Rtorrent Ruby Sabnzbd Sage Samba Screen Sed SELinux Sendmail Shell Configs Singularity Sleep Slurm SMART Sonarr Sqlite SquashFS Squid SSH Steam Stoken Strace Sudo Sync Sysctl Syslog Sysrq System Security Services Daemon (SSSD) Systemd Tar Tcsh Telegraf Terraform Thttpd Tmux Tomcat Top Umask Unix2dos Vim Virsh Virt-customize VirtualBox VirtualGL Visidata Vnstat Weechat Wget XFS Youtube-dl ZFS Zram

Package Management	APT Pacman RPM Yum

Linux Distributions	Alpine Linux Arch Linux CentOS Fedora NixOS Red Hat Enterprise Linux Tails Tiny Core Linux Ubuntu

Networking	Blazemeter CSF/LFD Exim Firewall FreeIPA Get DHCP Network Settings IP Aliasing Ipset IPTables IPv6 IPXE Link Aggregation Linux Network Namespaces MTU Net-tools to iproute2 Netcat Open vSwitch OpenWRT Postfix Raspberry Pi Torified Wifi Socat Static Routes StrongSwan Tcpdump Traffic Forwarder using IPTables Wi-Fi WireGuard

Containers	Docker Docker Compose Docker Swarm Helm K3s Kibana Kubernetes Mailu PKS Podman

CPanel Fork Bomb Protection

See Also

Recent Changes

Recent Changes under Linux

Recent Changes under Guides

Ad-Free + Tracker-Free