Findings activity
Open by severity
Servers
live load, governed
Action queue
| Detected | Server | Module | Sev | Subject | Account / IP |
|---|---|---|---|---|---|
Servers
every WHM box reporting to this collector
| Server | Region | Health | Load / core | Open P1 | Open P2 | 24h | Last seen |
|---|---|---|---|---|---|---|---|
Findings
detections across the fleet
| Time | Server | Module | Sev | Subject | Account / IP | Status |
|---|---|---|---|---|---|---|
Controller actions
every action is reversible, TTL'd, and audited
| When | Server | Action | Target | Reason | State | TTL |
|---|---|---|---|---|---|---|
Outbound mail
the abuse that gets your IP blacklisted — caught as it happens
Sender pileups (Exim queue)
| Sender | Server | Queued | Frozen | Recipients | Oldest |
|---|---|---|---|---|---|
WordPress sites
CloudFigma Shield coverage across the fleet — enable or disable per site
Sites
| Site | Account | Server | Shield | Protection |
|---|---|---|---|---|
IP Firewall
block, unblock, look up reputation — backed by CSF
IP reputation lookup
Manually block an IP
Blocked IPs
| IP | Reason | Server | When | Type | Actions |
|---|---|---|---|---|---|
Your IPs on blocklists
| IP | Server | Blocklist | Listed |
|---|---|---|---|
Settings
these map 1:1 to /etc/cwp/agent.conf on every server
Detect-first is the safe default. Nothing is blocked, held, or suspended until you graduate an action. Flip a server to Enforcing only after its trips have proven quiet.
Account suspension and file quarantine always wait for your one-tap approval, even in Enforcing mode.
How long a mail-hold or IP block stays before it releases itself. Seconds.
Normalized load (load1 ÷ cores). Above this, heavy scans pace themselves.
At/above this the agent defers all heavy work until the box recovers. The agent can never push you past here.
Below this fraction free, treat the box as pressured and defer.
CPUQuota 15% · MemoryMax 128M · Nice 19 · idle IO. Enforced by the OS — the agent is incapable of a spike even with a bug.
Messages per hour per account that raises an alert.
An account averaging fewer than this per day is considered "quiet" — the strongest compromise signal when it suddenly sends.
Messages in one hour from a quiet account that fires a P1.
Distinct recipients that flag a spam blast.
Length of the mail-only hold (website stays up). Seconds.
Email alerting status loads from the collector.
Which finding levels trigger an email digest.
Emails you if a server stops reporting for this long — a silent agent can mean a crash or a compromise.
These are live values from the collector. Edit them in /home/cwp/cwp-config/alert.conf (in-console editing is on the roadmap).