www-data user 100% CPU

Discussion in 'Installation/Configuration' started by fbessone, Dec 10, 2013.

  1. fbessone

    fbessone New Member

    Hello,

    i'm experiencing 100% CPU usage from www-data user.
    command top:
    Code:
    Tasks:  99 total,   3 running,  96 sleeping,   0 stopped,   0 zombie
    Cpu(s): 78.6%us, 21.4%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
    Mem:   1036092k total,   831372k used,   204720k free,    51652k buffers
    Swap:   746980k total,        0k used,   746980k free,   341864k cached
    
      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    
    [B]22624 www-data  20   0  4924 2524  896 R 99.7  0.2  18:29.25 perl[/B]
    
        1 root      20   0  2104  688  588 S  0.0  0.1   0:01.64 init
        2 root      15  -5     0    0    0 S  0.0  0.0   0:00.00 kthreadd
        3 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0
        4 root      15  -5     0    0    0 S  0.0  0.0   0:00.02 ksoftirqd/0
        5 root      RT  -5     0    0    0 S  0.0  0.0   0:00.10 watchdog/0
    In this forum i've read PHP 5.x Remote Code Execution Exploit ...
    i would like to fix this ... but ...
    how can i do ? Do i have to update PHP ?
     
  2. concept21

    concept21 Member HowtoForge Supporter

    Have you enabled suexec module for apache? It can block many things.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. fbessone

    fbessone New Member

    Thanks,
    i infact did a apt-get update and upgrade
    but the problem is still there

    how can i update php to a safe version ?
     
  5. fbessone

    fbessone New Member

    Solved

    Thanks ...
    i'm running a debian lenny and a apt-get update & apt-get upgrade did not solve the problem.
    Yes i was running a vulnerable PHP version to PHP 5.x Remote Code Execution Exploit
    anyway i solved installing mod_security, following this tutorial

    http://www.faqforge.com/linux/apache-mod-security-installation-on-debian-6-0-squeeze/

    thanks !!!
    Now i'm just wondering how to update mod_security ruleset, but i'm not in hurry anymore ;)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    lenny is not supported anymore with security updates, so an apt-get update and apt-get upgrade can not solve it unless you update to squeeze.
     

Share This Page