HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   Problem 100% CPU ispconfig_httpd -DSSL (http://www.howtoforge.com/forums/showthread.php?t=43519)

Captain 17th February 2010 15:39

Problem 100% CPU ispconfig_httpd -DSSL
 
Hello!
Have this problem server CPU usage 100%
user admispconfig
command: /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL

What it can be?

For what this process is needed?

Big thnks!

till 17th February 2010 17:22

This s sthe ispconfig interface, but I've never seen that it used that much cpu. Please check your server with rkhunter and chkrootkit.

Captain 17th February 2010 18:46

After checking:
Code:

Checking `bindshell'... INFECTED (PORTS:  1524 6667 31337)
Nmap in local area
Code:

Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:40 EET
Illegal netmask value (1524), must be /1 - /32 .  Assuming /32 (one host)
Interesting ports on srv.domai.com (192.168.123.111):
Not shown: 1681 closed ports
PORT      STATE SERVICE
1/tcp    open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
79/tcp    open  finger
80/tcp    open  http
81/tcp    open  hosts2-ns
110/tcp  open  pop3
111/tcp  open  rpcbind
119/tcp  open  nntp
143/tcp  open  imap
443/tcp  open  https
540/tcp  open  uucp
635/tcp  open  unknown
993/tcp  open  imaps
995/tcp  open  pop3s
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
3306/tcp  open  mysql
6667/tcp  open  irc
10000/tcp open  snet-sensor-mgmt
12345/tcp open  netbus
12346/tcp open  netbus
27665/tcp open  Trinoo_Master
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k

Nmap from internet:
Code:

Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:41 EET
Interesting ports on mail.domain.com (154.136.112.156):
Not shown: 1707 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https

It is ok?

Thank you!

Captain 18th February 2010 11:28

Still have this problem.
100% CPU usage
Help only ispconfig_server restart!

Please help!

till 18th February 2010 11:43

I guess you had a old phpmyadmin version installed, there had been a few hacked servers trough this some months ago. This allowed the hackers to run some scripts on the ispconfig httpd server as phpmyadmin runs on the same httpd.

To fix this, I recommend that you do this:

1) stop ispconfig:

/etc/init.d/ispconfig_server stop

2) Move the ispconfig folder to another place:

mv /home/admispconfig/ispconfig /home/admispconfig/ispconfig_old

3) copy back the ispconfig config file:

mkdir -p /home/admispconfig/ispconfig/lib
cp -prf /home/admispconfig/ispconfig_old/lib/config.inc.php /home/admispconfig/ispconfig/lib/config.inc.php

4) Download the latest ISPConfig 2 release (2.2.35), unpack it and run the setup script. This will update ispconfig and recreate the contents in /home/admispconfig/ispconfig

Captain 18th February 2010 11:54

Thank you!

I will try this.
But now I have 2.2.35 version.
After reinstall I feedback you.

Big thnks!

Captain 21st February 2010 19:10

Now all work great!
Big thnks Till!

Captain 8th March 2010 21:50

Hi Till!

I still have this problem, please help!

I am update Ubuntu from 8.10 to 9.10

And after some days i see this BIG CPU load.

this is print screem from my htop:

http://intechnologies.lv/images/serv.JPG


All times are GMT +2. The time now is 10:47.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.