  #1  
Old 27th August 2013, 09:36
iceget iceget is offline
Member
 
Join Date: Feb 2008
Posts: 78
Thanks: 2
Thanked 0 Times in 0 Posts
Default ispconfig 3 with debian wheezy high load

Dear Team,

I installed the new ISPConfig 3 on Debian Wheezy two months ago.
Among the old web files (old websites) I have some websites that were under attack in the past (filesman, MySQL injection and so on...).

Now, after setting up the server, everything works fine, but I have a great load on this server. I have deactivated the email function in ISPConfig.

But I have a really high load:
up 24 min, 1 user, load average: 37.02, 33.93, 30.84

top:
29903 postfix 20 0 39240 2384 1860 D 1 0.0 0:00.94 showq
1622 root 20 0 143m 7856 2252 S 1 0.0 0:12.02 fail2ban-server
1817 mysql 20 0 353m 94m 7828 S 0 0.6 0:29.85 mysqld
12676 root 20 0 19600 1884 1020 R 0 0.0 0:03.78 top
19115 web179 20 0 200m 21m 9072 S 0 0.1 0:00.69 php-cgi
25544 web284 20 0 193m 12m 7968 S 0 0.1 0:00.06 php-cgi
30017 web212 20 0 192m 12m 7968 S 0 0.1 0:00.02 php-cgi
1 root 20 0 8356 820 684 S 0 0.0 0:00.87 init
2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/0


netstat -tap:

postqueue -p:
shows a lot of entries, ... but I have also run postqueue -f, without any results.

I have also built in a script that checks the mail() function in PHP...

How can the attacker add mails to the mail queue?

I think the attacker (from the PHP scripts) uses a shell in PHP format.

How can I disable the mail system completely (except sendmail)?

Can you help me? What can I do?

Many greetings

Last edited by iceget; 27th August 2013 at 09:48.
Reply With Quote
  #2  
Old 27th August 2013, 10:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
How can I disable the mail system completely (except sendmail)?
The attacker is only using the sendmail wrapper, so deactivating the mail system while leaving the sendmail wrapper will not change anything.

I recommend installing Apache mod_security to protect your sites from these attacks.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 27th August 2013, 10:07
Croydon Croydon is offline
ISPConfig Developer
 
Join Date: Jul 2007
Location: Koblenz, Germany
Posts: 932
Thanks: 16
Thanked 264 Times in 208 Posts
Default

Quote:
Originally Posted by iceget View Post
postqueue -p:
shows a lot of entries, ... but I have also run postqueue -f, without any results.
postqueue -f just tries to send all mails in the mail queue immediately.
I think you wanted to clear the mail queue (delete all mails there).
The command for that is postsuper -d ALL
__________________
Marius Cramer

pixcept KG
Reply With Quote
The Following User Says Thank You to Croydon For This Useful Post:
iceget (27th August 2013)
  #4  
Old 27th August 2013, 12:46
iceget iceget is offline
Member
 
Join Date: Feb 2008
Posts: 78
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Thank you, now all emails are deleted.

Quote:
Originally Posted by Croydon View Post
postqueue -f just tries to send all mails in the mail queue immediately.
I think you wanted to clear the mail queue (delete all mails there).
The command for that is postsuper -d ALL
Reply With Quote
  #5  
Old 27th August 2013, 12:47
iceget iceget is offline
Member
 
Join Date: Feb 2008
Posts: 78
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Hello till,

Now I have deleted all messages, but the queue is still filling with messages, ...

Question 1:
How can I completely deactivate the wrapper so that nobody can send via sendmail (only via phpmail, e.g. over another server)?

Question 2:
How can I install mod_security on my ISPConfig?

Quote:
Originally Posted by till View Post
The attacker is only using the sendmail wrapper, so deactivating the mail system while leaving the sendmail wrapper will not change anything.

I recommend installing Apache mod_security to protect your sites from these attacks.
Reply With Quote
  #6  
Old 27th August 2013, 12:51
Croydon Croydon is offline
ISPConfig Developer
 
Join Date: Jul 2007
Location: Koblenz, Germany
Posts: 932
Thanks: 16
Thanked 264 Times in 208 Posts
Default

First you should try to find out where the mails come from.
The mails that are pending for sending are in /var/spool/postfix/active/ or in /var/spool/postfix/deferred/ if they could not be sent.

Open one of those files in there and have a look at the mail headers.
Is there something like "X-PHP-Script" or "authenticated sender" or something like that?

Blindly shutting down functions without knowing the reason for the spam is not the best idea, I think.
__________________
Marius Cramer

pixcept KG
Reply With Quote
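The header check described in this post, as an added example that is not part of the original thread: it classifies each queued message by the PHP script header or the "Authenticated sender" note in its headers and counts messages per origin. It assumes the header text of each message has been exported to one file per message (for example with `postcat -hq QUEUE_ID`); the sample messages, uid 5001, mailer.php and user@example.com are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: tally what injected each queued mail.
# On a server, export headers first, one file per message, e.g.
#   postcat -hq QUEUE_ID > /tmp/queue-headers/QUEUE_ID
# (queue IDs are listed by `postqueue -p`).

# origin_of: read one message (or just its headers) on stdin and print one line:
#   php-script <value>   X-PHP-Originating-Script / X-PHP-Script header found
#   sasl-login <user>    "Authenticated sender:" found in a Received header
#   unknown              neither marker present
origin_of() {
    awk '
        { line = $0; sub(/\r$/, "", line); lower = tolower(line) }
        line == "" { exit }   # end of headers: ignore look-alike text in the body
        lower ~ /^x-php-(originating-)?script:/ {
            php = line
            sub(/^[^:]*:[ \t]*/, "", php)
        }
        {
            pos = index(lower, "authenticated sender:")
            if (pos > 0) {
                sasl = substr(line, pos + 21)   # 21 = length of the marker
                sub(/^[ \t]+/, "", sasl)
                sub(/[) \t].*$/, "", sasl)
            }
        }
        END {
            if (php != "")       print "php-script " php
            else if (sasl != "") print "sasl-login " sasl
            else                 print "unknown"
        }
    '
}

# tally_origins DIR: print "<count> <origin>" lines, most frequent first.
tally_origins() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then origin_of < "$f"; fi
    done | sort | uniq -c | awk '{ $1 = $1; print }' | sort -k1,1nr -k2
}

# make_sample_queue DIR: write constructed sample messages into DIR.
make_sample_queue() {
    for n in 1 2 3; do          # sent through PHP mail()
        printf '%s\n' \
            'Received: by server01.example (Postfix, from userid 5001)' \
            'X-PHP-Originating-Script: 5001:mailer.php' \
            "Subject: constructed sample $n" '' 'body text' > "$1/php$n"
    done
    for n in 1 2; do            # sent through an authenticated SMTP login
        printf '%s\n' \
            'Received: from client.example (client.example [192.0.2.10])' \
            '	(Authenticated sender: user@example.com)' \
            '	by server01.example (Postfix) with ESMTPA' \
            "Subject: constructed sample $n" '' 'body text' > "$1/sasl$n"
    done
    # No marker in the headers; the body line must not be counted.
    printf '%s\n' 'From: someone@example.com' 'Subject: constructed sample' '' \
        'X-PHP-Originating-Script: 0:fake.php' > "$1/plain1"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_sample_queue "$demo_dir"
tally_origins "$demo_dir"
rm -rf "$demo_dir"
```

The value after `php-script` starts with the uid of the web user that called mail(), which points at the site to inspect first.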
  #7  
Old 27th August 2013, 14:13
iceget iceget is offline
Member
 
Join Date: Feb 2008
Posts: 78
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Hello Croydon,

Thanks for your answer!

My main problem:
I had an ISPConfig 2 install with 400 domains. On 20% of these 400 domains, safe mode was off.

Over the last 5 years, each website was infected with spam scripts via old Joomla domains. Now I have deleted all the scripts I found, but it was not 100% cleaned, so we have new spam scripts on the new server. So I cannot find the infected files in each web (over 20.000 files) (I have scanned with many scanners, no solution)...

Do you mean that is not the best solution in this case? I'm on a blacklist with the web server only, ...

Thanks

Quote:
Originally Posted by Croydon View Post
First you should try to find out where the mails come from.
The mails that are pending for sending are in /var/spool/postfix/active/ or in /var/spool/postfix/deferred/ if they could not be sent.

Open one of those files in there and have a look at the mail headers.
Is there something like "X-PHP-Script" or "authenticated sender" or something like that?

Blindly shutting down functions without knowing the reason for the spam is not the best idea, I think.
Reply With Quote
  #8  
Old 27th August 2013, 14:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
Do you mean that is not the best solution in this case? I'm on a blacklist with the web server only, ...
Install Apache mod_security like I mentioned above to stop the spammers. Also make sure that you use php-fcgi or php-fpm as the PHP mode for the sites and that suexec is enabled.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 27th August 2013, 14:50
Croydon Croydon is offline
ISPConfig Developer
 
Join Date: Jul 2007
Location: Koblenz, Germany
Posts: 932
Thanks: 16
Thanked 264 Times in 208 Posts
Default

Ok.

1.) Have you tried using maldet to scan?

2.) You could try to disable php functions like exec, system, mail etc. in php.ini but this will prevent all webs from sending mail through php if they do not use SMTP.

3.) You should anyway check what the source of the mails is.
__________________
Marius Cramer

pixcept KG
Reply With Quote
  #10  
Old 27th August 2013, 16:50
iceget iceget is offline
Member
 
Join Date: Feb 2008
Posts: 78
Thanks: 2
Thanked 0 Times in 0 Posts
 
Default

Hello till,

Thank you. suexec is active, and php-fcgi is active.

How can I install mod_security? Do you have a setup guide for ISPConfig 3?

Thanks

Quote:
Originally Posted by till View Post
Install Apache mod_security like I mentioned above to stop the spammers. Also make sure that you use php-fcgi or php-fpm as the PHP mode for the sites and that suexec is enabled.
Reply With Quote