Navigation

Captain · #1 17th February 2010, 15:39

Hello!
Have this problem server CPU usage 100%
user admispconfig
command: /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL

What it can be?

For what this process is needed?

Big thnks!

till · #2 17th February 2010, 17:22

This s sthe ispconfig interface, but I've never seen that it used that much cpu. Please check your server with rkhunter and chkrootkit.

Captain · #3 17th February 2010, 18:46

After checking:

Code:

Checking `bindshell'... INFECTED (PORTS:  1524 6667 31337)

Nmap in local area

Code:

Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:40 EET
Illegal netmask value (1524), must be /1 - /32 .  Assuming /32 (one host)
Interesting ports on srv.domai.com (192.168.123.111):
Not shown: 1681 closed ports
PORT      STATE SERVICE
1/tcp     open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
79/tcp    open  finger
80/tcp    open  http
81/tcp    open  hosts2-ns
110/tcp   open  pop3
111/tcp   open  rpcbind
119/tcp   open  nntp
143/tcp   open  imap
443/tcp   open  https
540/tcp   open  uucp
635/tcp   open  unknown
993/tcp   open  imaps
995/tcp   open  pop3s
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
3306/tcp  open  mysql
6667/tcp  open  irc
10000/tcp open  snet-sensor-mgmt
12345/tcp open  netbus
12346/tcp open  netbus
27665/tcp open  Trinoo_Master
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k

Nmap from internet:

Code:

Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:41 EET
Interesting ports on mail.domain.com (154.136.112.156):
Not shown: 1707 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https

It is ok?

Thank you!

Captain · #4 18th February 2010, 11:28

Still have this problem.
100% CPU usage
Help only ispconfig_server restart!

Please help!

till · #5 18th February 2010, 11:43

I guess you had a old phpmyadmin version installed, there had been a few hacked servers trough this some months ago. This allowed the hackers to run some scripts on the ispconfig httpd server as phpmyadmin runs on the same httpd.

To fix this, I recommend that you do this:

1) stop ispconfig:

/etc/init.d/ispconfig_server stop

2) Move the ispconfig folder to another place:

mv /home/admispconfig/ispconfig /home/admispconfig/ispconfig_old

3) copy back the ispconfig config file:

mkdir -p /home/admispconfig/ispconfig/lib
cp -prf /home/admispconfig/ispconfig_old/lib/config.inc.php /home/admispconfig/ispconfig/lib/config.inc.php

4) Download the latest ISPConfig 2 release (2.2.35), unpack it and run the setup script. This will update ispconfig and recreate the contents in /home/admispconfig/ispconfig

Captain · #6 18th February 2010, 11:54

Thank you!

I will try this.
But now I have 2.2.35 version.
After reinstall I feedback you.

Big thnks!

Captain · #7 21st February 2010, 19:10

Now all work great!
Big thnks Till!

Captain · #8 8th March 2010, 21:50

Hi Till!

I still have this problem, please help!

I am update Ubuntu from 8.10 to 9.10

And after some days i see this BIG CPU load.

this is print screem from my htop:

Navigation

Facebook

News

Recent comments

Newsletter