Hi ya,

I have a webserver that only has 1 domain on it which isn't fully working yet, and this morning I noticed it had a load of this

1:10pm up 3 days, 21:17, 1 user, load average: 244.47, 243.14, 240.64

Could this be a hard drive failing that is causing this?
When I do ps -ax I see loads of named and sendmail processes, but WHM hasn't been emailing me problems on the server.

I tried rebooting the server, but 2 hours later and still it hasn't processed the reboot commands I issued on the server :/

Any ideas what might be causing this?

James

What version of what operating system do you have? There have been some security holes recently which allow attackers to "crash" BIND and sendmail, which could explain what you are seeing.

hi ya

Thanks for the reply

The server is a RedHat 7.1 server (I originally requested RH6.2 but apparently my NIC won't work with it).

I am also using the latest stable build of DarkOrb's WHM/CPanel.

--James

This is what TOP gives me...


1:38pm up 3 days, 21:44, 1 user, load average: 251.85, 250.12, 247.32
309 processes: 304 sleeping, 1 running, 0 zombie, 4 stopped
CPU states: 0.5% user, 0.5% system, 0.0% nice, 98.8% idle
Mem: 512092K av, 367736K used, 144356K free, 0K shrd, 25088K buff
Swap: 530104K av, 28088K used, 502016K free 100248K cached

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
21928 root 16 0 1212 1212 840 R 1.1 0.2 0:00 top
1 root 8 0 388 380 336 S 0.0 0.0 0:06 init
2 root 8 0 0 0 0 SW 0.0 0.0 0:00 keventd
3 root 9 0 0 0 0 SW 0.0 0.0 0:00 kapm-idled
4 root 9 0 0 0 0 SW 0.0 0.0 9:01 kswapd
5 root 9 0 0 0 0 SW 0.0 0.0 0:00 kreclaimd
6 root 9 0 0 0 0 SW 0.0 0.0 0:03 bdflush
7 root 9 0 0 0 0 SW 0.0 0.0 0:00 kupdated
8 root -1 -20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd
73 root 9 0 0 0 0 SW 0.0 0.0 0:00 khubd
1103 root 9 0 2144 532 400 S 0.0 0.1 0:00 miniserv.pl
27236 root 8 0 120 8 8 S 0.0 0.0 0:00 crond
28025 root 8 0 3344 2684 1504 S 0.0 0.5 0:02 updated
28215 root 19 19 2116 1248 1064 S N 0.0 0.2 0:00 cpaneld
28216 root 9 0 1508 304 236 S 0.0 0.0 0:00 cpaneld
28219 root 9 0 632 4 4 S 0.0 0.0 0:00 webmaild
28229 root 9 0 940 444 368 S 0.0 0.0 0:00 whostmgrd
28239 root 9 0 1216 4 4 S 0.0 0.0 0:00 clustermgrd
28244 root 9 0 220 4 4 S 0.0 0.0 0:00 stunnel
28246 root 9 0 220 4 4 S 0.0 0.0 0:00 stunnel
28248 nobody 9 0 240 4 4 S 0.0 0.0 0:00 melange
28250 nobody 9 0 648 4 4 S 0.0 0.0 0:00 entropychat
2773 root 9 0 2288 2288 1940 D 0.0 0.4 0:00 exim
2819 named 9 0 2724 2724 1828 D 0.0 0.5 0:00 named
2876 root 9 0 2292 2292 1940 D 0.0 0.4 0:00 exim
2916 named 9 0 2724 2724 1824 D 0.0 0.5 0:00 named
2971 root 9 0 2292 2292 1940 D 0.0 0.4 0:00 exim
3011 named 9 0 2724 2724 1824 D 0.0 0.5 0:00 named
3066 root 9 0 2292 2292 1940 D 0.0 0.4 0:00 exim
3106 named 9 0 2724 2724 1824 D 0.0 0.5 0:00 named
3163 root 9 0 2292 2292 1940 D 0.0 0.4 0:00 exim
3203 named 9 0 2724 2724 1824 D 0.0 0.5 0:00 named
3267 root 9 0 2292 2292 1940 D 0.0 0.4 0:00 exim
3307 named 9 0 2724 2724 1824 D 0.0 0.5 0:00 named


--James

ok, what version of exim (or cpanel) are you using? Older versions of exim were vulnerable to DoS attacks similar to what you are seeing.

Hmmmm not sure

It is whatever is in the latest stable build of DarkOrb's CPanel - which I assume is the latest ones.

oooh was running
Cpanel-4.0.0-STABLE_61-Linux-i686-glibc-2.1.3-16mdk

but
Cpanel-4.0.0-STABLE_64-Linux-i686-glibc-2.1.3-16mdk
is out so I will install that.

See if it fixes it.

--James

ack

Mid install, the server got rebooted, then failed to come up again.

When it did, it sent me 140 apache/cpop/exim error messages that had been queued up, but all was well....
Until 4:00am this morning... CPU load was rising from 4.02 to 16.92 what it is now... and rising.

SSH isn't allowing me to enter the server, even tho I restarted the services in WHM.

All very frustrating. :/

--James

Somebody else on WHT mentioned they were having this problem with the latest build of CPanel

The server I am on has been having problems with webalizer running away. It would go to 99% cpu utilization on one cpu. The load has been being around 1.4 or so. This does make ssh sluggish, but it can still be used.

Rumor has it that it's being fixed as we speak, and should hopefully be better the next time the scripts autoupdate.