High CPU usage due to whois process

We have seen some of the PBX experience high CPU usage due to spinning whois process.

If you received a notification form our staff that your PBX use higher than normal cpu time,  you may want to check for this issue.  You can login to your ssh console and type top.  Please observe whether one whois or multiple whois process it consuming your CPU.

The high CPU usage may impact your call quality.  Therefore,  you may want to take care of this issue as soon as possible.

You can stop the whois process by typing killall whois at your ssh console.  There is no need to reboot your PBX.

The whois is used by fail2ban to help you translate an attacking IP address to a human readable host name or other information.  This is an confinience feature that fail2ban do when it send an email notification of an attack incident.

Moving forward, I would defer to your own judgement to consider the benefit and the inconvinience of using whois on your fail2ban.  If you do not want to have whois to translate the attacking ip,  you can rename any reference in the /etc/fail2ban/jail.conf of sendmail-whois to sendmail.  You can do it with your favorite text editor.  You will need to restart your fail2ban after making changes.

Was this answer helpful?

 Print this Article

Also Read

Call Quality Troubleshooting

In the case that you are experiencing bad call quality please consider the following suggestions....

Firewall Configuration

All of our installation, except for the PBX in a Flash, comes with apf firewall pre-installed....


All server are setup with root access ssh.  Login information to use with the ssh is sent in...

How to manage fail2ban


Issue with IAX Call rejected, CallToken

If you have problem connecting through IAX protocol, please check if you see " Call...