Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th February 2010, 15:39
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
Exclamation Problem 100% CPU ispconfig_httpd -DSSL

Hello!
Have this problem server CPU usage 100%
user admispconfig
command: /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL

What it can be?

For what this process is needed?

Big thnks!

Last edited by Captain; 17th February 2010 at 16:12.
Reply With Quote
Sponsored Links
  #2  
Old 17th February 2010, 17:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,482 Times in 4,316 Posts
Default

This s sthe ispconfig interface, but I've never seen that it used that much cpu. Please check your server with rkhunter and chkrootkit.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Captain (17th February 2010)
  #3  
Old 17th February 2010, 18:46
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
Default

After checking:
Code:
Checking `bindshell'... INFECTED (PORTS:  1524 6667 31337)
Nmap in local area
Code:
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:40 EET
Illegal netmask value (1524), must be /1 - /32 .  Assuming /32 (one host)
Interesting ports on srv.domai.com (192.168.123.111):
Not shown: 1681 closed ports
PORT      STATE SERVICE
1/tcp     open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
79/tcp    open  finger
80/tcp    open  http
81/tcp    open  hosts2-ns
110/tcp   open  pop3
111/tcp   open  rpcbind
119/tcp   open  nntp
143/tcp   open  imap
443/tcp   open  https
540/tcp   open  uucp
635/tcp   open  unknown
993/tcp   open  imaps
995/tcp   open  pop3s
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
3306/tcp  open  mysql
6667/tcp  open  irc
10000/tcp open  snet-sensor-mgmt
12345/tcp open  netbus
12346/tcp open  netbus
27665/tcp open  Trinoo_Master
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k
Nmap from internet:
Code:
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:41 EET
Interesting ports on mail.domain.com (154.136.112.156):
Not shown: 1707 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
It is ok?

Thank you!
Reply With Quote
  #4  
Old 18th February 2010, 11:28
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
Exclamation

Still have this problem.
100% CPU usage
Help only ispconfig_server restart!

Please help!
Reply With Quote
  #5  
Old 18th February 2010, 11:43
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,482 Times in 4,316 Posts
Default

I guess you had a old phpmyadmin version installed, there had been a few hacked servers trough this some months ago. This allowed the hackers to run some scripts on the ispconfig httpd server as phpmyadmin runs on the same httpd.

To fix this, I recommend that you do this:

1) stop ispconfig:

/etc/init.d/ispconfig_server stop

2) Move the ispconfig folder to another place:

mv /home/admispconfig/ispconfig /home/admispconfig/ispconfig_old

3) copy back the ispconfig config file:

mkdir -p /home/admispconfig/ispconfig/lib
cp -prf /home/admispconfig/ispconfig_old/lib/config.inc.php /home/admispconfig/ispconfig/lib/config.inc.php

4) Download the latest ISPConfig 2 release (2.2.35), unpack it and run the setup script. This will update ispconfig and recreate the contents in /home/admispconfig/ispconfig
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Captain (21st February 2010)
  #6  
Old 18th February 2010, 11:54
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
Default

Thank you!

I will try this.
But now I have 2.2.35 version.
After reinstall I feedback you.

Big thnks!
Reply With Quote
  #7  
Old 21st February 2010, 19:10
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
Default

Now all work great!
Big thnks Till!
Reply With Quote
  #8  
Old 8th March 2010, 21:50
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
 
Exclamation

Hi Till!

I still have this problem, please help!

I am update Ubuntu from 8.10 to 9.10

And after some days i see this BIG CPU load.

this is print screem from my htop:


Last edited by Captain; 9th March 2010 at 10:47.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix problems with smtp linkdeb Server Operation 13 15th March 2014 17:58
Strange email problem for one of my domains... any help appreciated paulrobert_a Installation/Configuration 5 9th August 2010 14:15
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 12:20
Memory leak? oom-killer problem yikes! Stokesy Server Operation 7 29th July 2006 12:48
Postfix+MySQL Problem jasutton Installation/Configuration 1 15th June 2006 16:06


All times are GMT +2. The time now is 23:31.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.