Shell Fork Bomb Protection

Valid for versions 82 through the latest version

Version:

82


Last modified: July 28, 2022

Overview

Fork bombs start a cascade of small processes on a server that duplicate themselves until the server’s resources are depleted.

This feature helps you protect your server from users with terminal access (SSH or Telnet) who may inadvertently or intentionally cause a fork bomb.

How to configure shell fork bomb protection

To enable or disable shell fork bomb protection, click Enable Protection or Disable Protection.

After you enable shell fork bomb protection, the system runs an ulimit command to limit user actions. You may use the following options to customize your user limits:

Limit Option Description
200000 -c Limits the maximum size of core files that users can create.
200000 -d Limits the maximum size of a process’s data segment.
200000 -m Limits the maximum resident set size.
100 -n Limits the maximum number of open-file descriptors.
8192 -s Limits the maximum stack size.
35 -u Limits the maximum number of processes that are available to a single user.
Note:
This option limits cPanel users with bash shell access, which is the default shell for cPanel users, to 35 processes each.
Unlimited -v The amount of virtual memory available for the processes.

Additional Documentation