ispconfig 3.1b2 - gone rogue because of aps install

Discussion in 'Installation/Configuration' started by Bonzo, Sep 3, 2016.

  1. Bonzo

    Bonzo New Member

    Hi,
    ipconfig is downloading aps and uses 100 % cpu

    Code:
    PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                            
    6915 ispconf+  20   0  736844  46676  19280 R 100.0  0.4   5826:45 php-cgi                            
      973 git       20   0 2573204 358756   5360 S   1.0  2.9  36:51.31 bundle                             
        7 root      20   0       0      0      0 S   0.3  0.0  12:16.38 rcu_sched                          
    18244 root      20   0  756816  52032  35232 S   0.3  0.4   0:01.22 apache2                            
    22567 root      20   0   26004   3160   2564 R   0.3  0.0   0:00.08 top                                
        1 root      20   0  111280   5000   2888 S   0.0  0.0   0:18.90 systemd    
    csf says process is suspicios

    Code:
    ime:    Sat Sep  3 09:00:27 2016 +0200
    PID:     6915 (Parent PID:6915)
    Account: ispconfig
    Uptime:  346401 seconds
    
    
    Executable:
    
    /usr/bin/php5-cgi
    
    
    Command Line (often faked in exploits):
    
    /usr/bin/php-cgi -d disable_classes= -d disable_functions= -d magic_quotes_gpc=off -d open_basedir= -d session.save_path=/usr/local/ispconfig/interface/temp
    
    
    Network connections by the process (if any):
    
    tcp: 37.120.173.74:58592 -> 199.115.107.45:80
    tcp: 37.120.173.74:58594 -> 199.115.107.45:80
    tcp: 37.120.173.74:58596 -> 199.115.107.45:80
    tcp: 37.120.173.74:58598 -> 199.115.107.45:80
    I've tried to kill the process but it starts again, where and how can I stop the aps thread
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    increment the value of the "updated" column in the ispconfig server table by 1 to skip the task in the datalog. If csf blocks the download process, then the aps installation will fail and might get stalled.
     

Share This Page