www-data user 100% CPU

Discussion in 'Installation/Configuration' started by fbessone, Dec 10, 2013.

  1. fbessone

    fbessone New Member

    Hello,

    i'm experiencing 100% CPU usage from www-data user.
    command top:
    Code:
    Tasks:  99 total,   3 running,  96 sleeping,   0 stopped,   0 zombie
    Cpu(s): 78.6%us, 21.4%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
    Mem:   1036092k total,   831372k used,   204720k free,    51652k buffers
    Swap:   746980k total,        0k used,   746980k free,   341864k cached
    
      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    
    [B]22624 www-data  20   0  4924 2524  896 R 99.7  0.2  18:29.25 perl[/B]
    
        1 root      20   0  2104  688  588 S  0.0  0.1   0:01.64 init
        2 root      15  -5     0    0    0 S  0.0  0.0   0:00.00 kthreadd
        3 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0
        4 root      15  -5     0    0    0 S  0.0  0.0   0:00.02 ksoftirqd/0
        5 root      RT  -5     0    0    0 S  0.0  0.0   0:00.10 watchdog/0
    In this forum i've read PHP 5.x Remote Code Execution Exploit ...
    i would like to fix this ... but ...
    how can i do ? Do i have to update PHP ?
     
  2. concept21

    concept21 Member

    Have you enabled suexec module for apache? It can block many things.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. fbessone

    fbessone New Member

    Thanks,
    i infact did a apt-get update and upgrade
    but the problem is still there

    how can i update php to a safe version ?
     
  5. fbessone

    fbessone New Member

    Solved

    Thanks ...
    i'm running a debian lenny and a apt-get update & apt-get upgrade did not solve the problem.
    Yes i was running a vulnerable PHP version to PHP 5.x Remote Code Execution Exploit
    anyway i solved installing mod_security, following this tutorial

    http://www.faqforge.com/linux/apache-mod-security-installation-on-debian-6-0-squeeze/

    thanks !!!
    Now i'm just wondering how to update mod_security ruleset, but i'm not in hurry anymore ;)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    lenny is not supported anymore with security updates, so an apt-get update and apt-get upgrade can not solve it unless you update to squeeze.
     

Share This Page