Autonomous monitoring and remediation for cPanel/WHM servers.

Detect, diagnose, and act on incidents before your inbox fills up. Dangerous changes wait for your approval.

In private beta with hosting teams

cpanel_chkservd · 03:14HIGH

service down · server.example.com

mysqld failed to start: innodb_buffer_pool_size 16G exceeds 12.96 GB available RAM.

Fix slow log permissionsdone

chmod 640 /var/log/mariadb/mariadb-slow.log

Reduce InnoDB buffer pool to 8Gdone

sed -i 's/^innodb_buffer_pool_size=.*/innodb_buffer_pool_size=8G/' /etc/my.cnf.d/server.cnf

Restart mariadbdone
```
systemctl restart mariadb
```

lfd · 02:47MEDIUM

auth brute force · server.example.com

8,127 failed sshd auth attempts in 5 min from a single attacker subnet, four source ASNs.

Block attacker subnet via CSFdone

csf -d 203.0.113.0/24 "SSH brute force - SGuard auto"

Whitelist admin IP (idempotent)done

csf -a 198.51.100.10 "Admin - SGuard auto"

node_exporter · 04:02CRITICAL

disk full · server.example.com

/backup at 96% (331 GB used). 7 backup sets present; oldest 4 = 170 GB. Retention policy: keep last 3.

Delete oldest 4 backup sets (frees 170 GB)done

find /backup -mindepth 1 -maxdepth 1 -type d | sort | head -n 4 | xargs rm -rf

What ServerGuard handles autonomously

Each card below maps to one or more remediation use cases. We diagnose with the actual log lines, run the fix, and verify the result. Dangerous actions still wait for your approval.

Database recovery

MySQL crashed at 3am. We have it back up by 3:04am.

Detects ChkServd MySQL alerts in under 60 seconds
Reads the actual error log to identify the root cause
Fixes innodb_buffer_pool_size mismatches automatically
Restores slow-log file permissions when missing
Restarts MariaDB and verifies it stayed up for 60 seconds

See full use case

WordPress under load

WP-Cron stacks and bot floods that pin a CPU at 100%.

Identifies the cPanel user whose wp-cron.php is stacking
Recycles the PHP-FPM pool for that account, not the whole server
Blocks xmlrpc.php brute force at the firewall, not in PHP
Applies WordPress hardening rules per cPanel account

See full use case

Disk and backup

We catch the disk full alert before your customer does.

Watches inode and partition usage on every poll
Rotates and truncates oversized logs before /var fills up
Prunes JetBackup archives that overran their retention
Reports the top ten largest paths in the audit log

See full use case

Security and brute force

Blocks attackers and respects your admin IP allowlist.

Restarts csf and lfd when their watchdogs fail
Tunes lfd thresholds for SSH, IMAP, and wp-login attempts
Reads csf.allow before every block so we never lock you out
Quarantines Imunify360 detections and audits the affected files

See full use case

Mail and SSL

Spamhaus delisting, SSL renewals, and mail queue cleanup.

Trims runaway Exim queues and reports the top sender
Submits Spamhaus and SORBS delisting requests automatically
Renews Let's Encrypt certificates that AutoSSL skipped
Detects RBL blacklist entries on outbound IPs

See full use case

Platform health

Apache, DNS, FTP, NTP, OOM. The full surface, not just MySQL.

Restarts Apache or LiteSpeed when a worker pool deadlocks
Detects BIND or PowerDNS zone load failures
Restarts Pure-FTPd or ProFTPD on socket exhaustion
Reads dmesg for OOM kills and tunes swappiness or service limits
Re-syncs chronyd when system time drifts past tolerance

See full use case