Web Hosting Talk

httpd and mysqld keeps failing!


Mysteerie
12-23-2004, 03:41 PM
Those two services keep failing every day, several times a day, especially in the morning around 7:00 - 10:00 AM.

I have about 35 accounts on the server and none really busy, my most active account has only 30 users online at any given time. Though he has a game on his message boards which causes lots of refreshes and at a fast rate.

Here is my.cnf:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-locking
skip-innodb
query_cache_limit=1M
query_cache_size=32M
query_cache_type=1
max_connections=500
interactive_timeout=100
wait_timeout=100
connect_timeout=10
thread_cache_size=128
key_buffer=16M
join_buffer=1M
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=2M
read_buffer_size=2M
read_rnd_buffer_size=512K
max_connect_errors=10
# Try number of CPU's*2 for thread_concurrency
thread_concurrency=2
myisam_sort_buffer_size=64M
log-bin
server-id=1

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
#safe-updates

[isamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout

Here is TOP:

top - 11:14:25 up 22:22, 1 user, load average: 14.29, 13.72, 10.47
Tasks: 244 total, 10 running, 233 sleeping, 1 stopped, 0 zombie
Cpu(s): 67.8% us, 28.8% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 3.4% si
Mem: 970848k total, 680712k used, 290136k free, 30708k buffers
Swap: 917272k total, 3088k used, 914184k free, 413024k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8749 mysql 16 0 98436 27m 3756 R 32.8 2.9 0:02.87 mysqld
5596 mysql 16 0 98744 27m 3756 S 26.2 2.9 0:13.71 mysqld
9655 nobody 15 0 14048 8108 10m S 13.1 0.8 0:00.12 httpd
9462 mysql 16 0 98436 27m 3756 S 8.2 2.9 0:00.96 mysqld
9630 nobody 15 0 14064 8148 10m S 4.9 0.8 0:00.47 httpd
9632 root 16 0 3448 1008 1624 R 3.3 0.1 0:00.43 top
9639 nobody 15 0 14044 8124 10m S 3.3 0.8 0:00.29 httpd
9653 nobody 15 0 13764 7788 10m S 3.3 0.8 0:00.03 httpd
3300 toastedg 15 0 6260 2928 4060 S 1.6 0.3 0:03.49 proftpd
9428 mysql 16 0 98436 27m 3756 S 1.6 2.9 0:01.16 mysqld
9442 mysql 17 0 98436 27m 3756 R 1.6 2.9 0:00.51 mysqld
9626 nobody 15 0 14616 8724 10m S 1.6 0.9 0:00.48 httpd
1 root 16 0 3160 460 1320 S 0.0 0.0 0:01.38 init
2 root 34 19 0 0 0 R 0.0 0.0 0:00.16 ksoftirqd/0
3 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 events/0
4 root 10 -10 0 0 0 S 0.0 0.0 0:00.00 khelper
5 root 15 -10 0 0 0 S 0.0 0.0 0:00.00 kacpid
19 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
29 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
30 root 15 0 0 0 0 S 0.0 0.0 0:03.58 pdflush
32 root 15 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0
20 root 15 0 0 0 0 S 0.0 0.0 0:00.00 khubd
31 root 15 0 0 0 0 S 0.0 0.0 0:18.96 kswapd0
105 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kseriod
172 root 15 0 0 0 0 S 0.0 0.0 0:20.40 kjournald
1021 root 15 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
1555 root 16 0 3088 568 1300 S 0.0 0.1 0:18.33 syslogd
1559 root 16 0 1932 448 1248 S 0.0 0.0 0:00.06 klogd
1592 root 16 0 1624 556 1300 S 0.0 0.1 0:00.14 rpc.idmapd
1661 nobody 16 0 5536 2196 3744 S 0.0 0.2 0:00.39 proftpd
1672 root 16 0 2868 740 1372 S 0.0 0.1 0:00.00 smartd
1681 root 19 0 2176 464 1240 S 0.0 0.0 0:00.00 acpid
2651 named 18 0 44268 9584 4776 S 0.0 1.0 0:00.00 named
2686 root 16 0 3952 1432 3440 S 0.0 0.1 0:00.00 sshd
2699 root 16 0 2896 828 1688 S 0.0 0.1 0:00.10 xinetd
2717 root 15 0 9436 3260 6116 S 0.0 0.3 0:03.06 chkservd
2779 mailnull 16 0 7528 1784 6284 S 0.0 0.2 0:00.18 exim


Here is my PIDOF httpd and mysqld:

root@hostname [~]# pidof mysqld
9463 9462 9461 9460 9459 9455 9454 9453 9452 9444 9442 9432 9430 9429 9428 9427 9424 9423 8811 8798 8795 8794 8788 8786 8784 8782 8762 8761 8753 8751 8749 8738 8718 8717 8716 8715 8708 8251 8250 8225 8224 8223 8221 8216 8214 8210 8208 8207 8202 8200 8198 8196 8192 8186 5727 5725 5718 5717 5714 5706 5705 5700 5698 5697 5693 5691 5690 5689 5684 5682 5678 5677 5676 5670 5669 5667 5664 5663 5661 5660 5653 5652 5651 5646 5643 5634 5626 5625 5622 5618 5612 5605 5603 5602 5601 5598 5596 5595 5594 5592 5591 5590 5589 5587 5586 5585 5582 5578 5577 5574 5572 5540 5539 5533 5532 5531 5530 5529 5515 5514 5512 5511 5510 5508 5506 5490 5487 5484 5479 5478 5474 5473 5472 5471 5469 5468 5464 5463 5462 5461 5460 5450 5449 5443 5441 5439 5433 5432 5431
root@hostname [~]# pidof httpd
9458 9457 9456 9449 9448 9443 9426 9425 9422 9421 9420 9419 9418 9417 9416 9415 9414 9413 9412 9411 9410 9409 9408 9407 9406 9405 9404 9403 9391 9389 9388 9387 9386 9385 9384 9383 9382 9375 9374 9373 9372 9370 9369 9368 9270 9251 9250 9248 9246 9245 9244 9224 9223 9221 9206 9205 9204 9203 9202 9201 9190 9189 9188 9187 9186 9185 9152 9151 9150 9149 9148 9147 9146 9145 9144 9143 9142 9141 9140 9139 9138 9137 9136 9134 8953 8952 8950 8943 8942 8940 8937 8928 8927 8924 8923 8920 8919 8918 8916 8915 8914 8913 8912 8911 8910 8909 8908 8907 8906 8905 8904 8903 8902 8901 8900 8899 8898 8897 8896 8895 8894 8890 8889 8888 8887 8886 8885 8884 8883 8882 8880 8879 8878 8877 8876 8875 8874 8873 8871 8870 8869 8868 8867 8866 8865 8863 8862 8861 8860 8859 8851


I also have ps -ax | grep mysql but it has too many entries to post. Please, someone really help me, it's driving me nuts, thank you so much!

Wehodef
12-23-2004, 04:07 PM
Hi,

Please do this and tell me what you have for each:

# cat /proc/cpuinfo
# ps auxw | grep httpd | wc -l
# netstat -tanp | grep ESTABLISHED | grep http | wc -l
# netstat -tanp | grep ESTABLISHED | grep http | awk {'print $5'} | sort -n
# netstat -tanp | grep "httpd" | grep -v ESTABLISHED
# tail -f /usr/local/apache/logs/*_log


How is your server's ping? Do you have packet loss?
How is your KeepAlive? On or Off?

Thx.

Mysteerie
12-23-2004, 04:28 PM
Here is cat /proc/cpuinfo:

root@hostname [~]# cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 6
model : 8
model name : AMD Athlon(tm) XP 2400+
stepping : 1
cpu MHz : 2020.635
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow
bogomips : 3997.69


Here is ps auxw | grep httpd | wc -l

root@hostname [~]# ps auxw | grep httpd | wc -l
13

root@hostname [~]# netstat -tanp | grep ESTABLISHED | grep http | wc -l
0

Here is netstat -tanp | grep ESTABLISHED | grep http | awk {'print $5'} | sort -n

root@hostname [~]# netstat -tanp | grep ESTABLISHED | grep http | awk {'print $5'} | sort -n
4.61.184.45:1585
66.8.183.230:3623
213.113.78.205:2025

Here is netstat -tanp | grep "httpd" | grep -v ESTABLISHED

root@hostname [~]# netstat -tanp | grep "httpd" | grep -v ESTABLISHED
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12942/httpd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 12942/httpd
tcp 0 3042 208.53.170.53:80 195.93.32.9:55855 FIN_WAIT1 17145/httpd
tcp 0 6 208.53.170.53:80 24.117.176.32:3149 FIN_WAIT1 12949/httpd


Getting last stuff, it's big and it might explain a few things to me. :)

Wehodef
12-23-2004, 04:49 PM
So, I see that you don't have many connections. Pretty funny.
I don't see much; I'm waiting for the last one.

Perhaps a SYN flood attack; it depends on what # tail -f /usr/local/apache/logs/*_log will show us.

Do you have any packet loss?
Is your server pinging? Because the load is huge.
Have you checked whether any gzip file has gone wrong when copied (mod_gzip sometimes has a bug)?
Have you checked the mail queue?
Have you installed too big a file in a partition of one/several drives?
Where is your backup situated? (If it's under another dir than one of the /home ones, it might cause issues.)

Check and tell me please.
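The connection checks requested in the posts above can be condensed into a per-state and per-client tally, which also reports the SYN_RECV backlog relevant to the SYN flood question. This is an added example, not part of any post in the thread; the function names and the sample lines (documentation-range addresses) are constructed.

```shell
#!/bin/sh
# Added example: summarise `netstat -tan` (or -tanp) output for one local port.
# All function names are hypothetical; the sample data below is constructed.

# Constructed sample in netstat -tan layout, using documentation-range IPs.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State
tcp   0      0      0.0.0.0:80         0.0.0.0:*           LISTEN
tcp   0      0      192.0.2.10:80      198.51.100.7:4531   TIME_WAIT
tcp   0      0      192.0.2.10:80      198.51.100.7:4532   TIME_WAIT
tcp   0      0      192.0.2.10:80      198.51.100.7:4533   TIME_WAIT
tcp   0      0      192.0.2.10:80      203.0.113.20:3859   TIME_WAIT
tcp   0      8442   192.0.2.10:80      203.0.113.20:4007   ESTABLISHED
tcp   0      269    192.0.2.10:80      203.0.113.99:1725   FIN_WAIT1
tcp   0      0      192.0.2.10:80      203.0.113.50:40001  SYN_RECV
tcp   0      0      192.0.2.10:80      203.0.113.51:40002  SYN_RECV
tcp   0      0      192.0.2.10:21      198.51.100.7:2616   ESTABLISHED
EOF
}

# state_totals PORT
# Reads netstat lines on stdin; prints "STATE COUNT" for every non-listening
# socket whose local port is PORT, sorted by state name.
state_totals() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, loc, ":")          # last element is the local port
            if (loc[n] == port) seen[$6]++
        }
        END { for (s in seen) print s, seen[s] }
    ' | LC_ALL=C sort
}

# per_client PORT
# Prints "COUNT REMOTE_IP" for sockets on local PORT, busiest client first.
# A handful of addresses holding most sockets points at specific clients
# (or one account's script) rather than general load.
per_client() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, loc, ":")
            if (loc[n] != port) next
            ip = $5
            sub(/:[0-9]+$/, "", ip)          # drop the remote port
            hits[ip]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# syn_recv_count PORT
# Prints the number of half-open (SYN_RECV) sockets on local PORT. A SYN
# flood shows up as a large and growing value here, not as ESTABLISHED.
syn_recv_count() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, loc, ":")
            if (loc[n] == port) c++
        }
        END { print c + 0 }
    '
}

# Demo on the constructed sample; on a live host pipe `netstat -tan` instead.
echo "== states on :80 ==";        sample_netstat | state_totals 80
echo "== clients on :80 ==";       sample_netstat | per_client 80
echo "== half-open on :80 ==";     sample_netstat | syn_recv_count 80
```

On a live server the same functions take real input, for example `netstat -tan | per_client 80 | head`.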

Mysteerie
12-23-2004, 04:54 PM
Yeah, still trying to get the last run, but it's still running SSH! It's huge; I can't copy it all. I think the file is 300MB big.

Keep Alive is off (but that is the only configuration I did in httpd.conf).

Packet loss and ping are average; I get under 100ms, and maybe one packet loss once in a while.

Have you checked whether any gzip file has gone wrong when copied (mod_gzip sometimes has a bug)?

Sorry, how would I do that?

Mail queue has barely anything in it, or nothing at times. Average mail is about 500 in and 500 out per week.

Only got one drive (trying to get a second next month); will get it right away if it could improve performance greatly.

2 partitions were installed by the Datacenter, only /home/ and then everything else.

Don't run backups (automatically); I do allow my members to run backups through cPanel in their home directory.

Wehodef
12-23-2004, 05:30 PM
OK, I need to see if somebody is downloading any files or something, or if someone's running a suspicious script. (For this I need a preview of your huge file ^^)

Else,
tell me, for I want to be sure you don't have any loss:
# ps auxw
# netstat -tanpu

# time telnet localhost 80 (just to see your average answer)
# tail -f /var/log/messages

Otherwise I need just some of the file, and if it's too big, just tell me if you had installed a too-big script (software....) in a partition:
# ls -lh --sort=size|head

To verify for mod_gzip:
# ls -l /tmp/*.wrk
and tell me.
Is your /temp folder big?


Regards.

Mysteerie
12-23-2004, 05:43 PM
Oh sorry, I thought that command would end itself; I found out it was just keeping up to date and errors were coming in every second. Here is the last one:

Here is tail -f /usr/local/apache/logs/*_log

root@hostname [~]# tail -f /usr/local/apache/logs/*_log
==> /usr/local/apache/logs/access_log <==
127.0.0.1 - - [23/Dec/2004:13:10:38 -0800] "GET / HTTP/1.0" 200 2973
127.0.0.1 - - [23/Dec/2004:13:15:02 -0800] "GET /whm-server-status HTTP/1.0" 200 16210
127.0.0.1 - - [23/Dec/2004:13:19:04 -0800] "GET / HTTP/1.0" 200 2973
127.0.0.1 - - [23/Dec/2004:13:20:01 -0800] "GET /whm-server-status HTTP/1.0" 200 16170
127.0.0.1 - - [23/Dec/2004:13:25:03 -0800] "GET /whm-server-status HTTP/1.0" 200 16101
127.0.0.1 - - [23/Dec/2004:13:27:26 -0800] "GET / HTTP/1.0" 200 2973
127.0.0.1 - - [23/Dec/2004:13:30:22 -0800] "GET /whm-server-status HTTP/1.0" 200 16008
127.0.0.1 - - [23/Dec/2004:13:35:01 -0800] "GET /whm-server-status HTTP/1.0" 200 15813
127.0.0.1 - - [23/Dec/2004:13:35:49 -0800] "GET / HTTP/1.0" 200 2973
127.0.0.1 - - [23/Dec/2004:13:40:01 -0800] "GET /whm-server-status HTTP/1.0" 200 15968

==> /usr/local/apache/logs/error_log <==
[Thu Dec 23 13:40:46 2004] [error] [client 66.230.115.222] File does not exist: /home/gamefaq2/public_html/style/gamefaqs.css
[Thu Dec 23 13:40:46 2004] [error] [client 66.230.115.222] File does not exist: /home/gamefaq2/public_html/404.shtml
[Thu Dec 23 13:40:51 2004] [error] [client 68.45.148.197] File does not exist: /home/gamefaq2/public_html/boards/images/ad57.jpg
[Thu Dec 23 13:40:51 2004] [error] [client 68.45.148.197] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:40:56 2004] [error] [client 66.8.183.230] File does not exist: /home/gamefaq2/public_html/boards/images/ad46.jpg
[Thu Dec 23 13:40:56 2004] [error] [client 66.8.183.230] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:03 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/favicon.ico
[Thu Dec 23 13:41:03 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:08 2004] [error] [client 24.125.8.49] File does not exist: /home/gamefaq1/public_html/favicon.ico
[Thu Dec 23 13:41:08 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico

==> /usr/local/apache/logs/ssl_engine_log <==
[23/Dec/2004 11:58:46 12941] [info] Init: Initializing OpenSSL library
[23/Dec/2004 11:58:46 12941] [info] Init: Seeding PRNG with 136 bytes of entropy
[23/Dec/2004 11:58:46 12941] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[23/Dec/2004 11:58:47 12941] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[23/Dec/2004 11:58:47 12942] [info] Init: 2nd startup round (already detached)
[23/Dec/2004 11:58:47 12942] [info] Init: Reinitializing OpenSSL library
[23/Dec/2004 11:58:47 12942] [info] Init: Seeding PRNG with 136 bytes of entropy
[23/Dec/2004 11:58:47 12942] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[23/Dec/2004 11:58:47 12942] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[23/Dec/2004 11:58:47 12942] [info] Init: Initializing (virtual) servers for SSL

==> /usr/local/apache/logs/suexec_log <==
[2004-12-23 13:41:02]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:02]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:02]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:02]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:02]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:03]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:03]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:03]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:07]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi
[2004-12-23 13:41:07]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi

==> /usr/local/apache/logs/error_log <==
[Thu Dec 23 13:41:08 2004] [error] [client 68.45.148.197] File does not exist: /home/gamefaq2/public_html/boards/favicon.ico
[Thu Dec 23 13:41:08 2004] [error] [client 68.45.148.197] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:09 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:09 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:09 2004] [error] [client 68.8.77.3] File does not exist: /home/bihira/public_html/favicon.ico
[Thu Dec 23 13:41:09 2004] [error] [client 68.8.77.3] File does not exist: /home/bihira/public_html/404.shtml
[Thu Dec 23 13:41:10 2004] [error] [client 68.45.148.197] File does not exist: /home/gamefaq2/public_html/boards/favicon.ico
[Thu Dec 23 13:41:10 2004] [error] [client 68.45.148.197] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:10 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:13 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:15 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:15 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/favicon.ico
[Thu Dec 23 13:41:15 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:16 2004] [error] [client 159.134.207.96] File does not exist: /home/gamefaq1/public_html/favicon.ico
[Thu Dec 23 13:41:18 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:19 2004] [error] [client 12.215.123.150] File does not exist: /home/nnextco/public_html/favicon.ico
[Thu Dec 23 13:41:21 2004] [error] [client 66.230.115.222] File does not exist: /home/gamefaq2/public_html/boards/images/ad46.jpg
[Thu Dec 23 13:41:21 2004] [error] [client 66.230.115.222] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:21 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/images/favicon.ico
[Thu Dec 23 13:41:21 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/404.shtml
[Thu Dec 23 13:41:22 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/style/gamefaqs.css
[Thu Dec 23 13:41:22 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/404.shtml
[Thu Dec 23 13:41:22 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/style/gamefaqs.css
[Thu Dec 23 13:41:22 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/404.shtml
[Thu Dec 23 13:41:22 2004] [error] [client 24.161.115.71] File does not exist: /home/fearkill/public_html/favicon.ico
[Thu Dec 23 13:41:22 2004] [error] [client 24.161.115.71] File does not exist: /home/fearkill/public_html/404.shtml
[Thu Dec 23 13:41:23 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/favicon.ico
[Thu Dec 23 13:41:23 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/404.shtml
[Thu Dec 23 13:41:27 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/images/ad46.jpg
[Thu Dec 23 13:41:27 2004] [error] [client 172.172.177.33] File does not exist: /home/gamefaq2/public_html/boards/404.shtml

==> /usr/local/apache/logs/suexec_log <==
[2004-12-23 13:41:27]: info: (target/actual) uid: (templeo/templeo) gid: (templeo/templeo) cmd: nph-p.cgi

==> /usr/local/apache/logs/error_log <==
[Thu Dec 23 13:41:31 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/boards/favicon.ico
[Thu Dec 23 13:41:31 2004] [error] [client 68.34.67.203] File does not exist: /home/gamefaq2/public_html/boards/404.shtml

root@hostname [~]#


It could go on and keep logging on and coming in, but I did ctrl+c to stop it.

Let me do the following things in your new statement.

LoganNZ
12-23-2004, 05:55 PM
http attack?

Mysteerie
12-23-2004, 05:58 PM
Here is ps auxw

root@hostname [~]# ps auxw
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 3160 460 ? S Dec22 0:01 init [3]
root 2 0.0 0.0 0 0 ? SWN Dec22 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? SW< Dec22 0:00 [events/0]
root 4 0.0 0.0 0 0 ? SW< Dec22 0:00 [khelper]
root 5 0.0 0.0 0 0 ? SW< Dec22 0:00 [kacpid]
root 19 0.0 0.0 0 0 ? SW< Dec22 0:00 [kblockd/0]
root 29 0.0 0.0 0 0 ? SW Dec22 0:00 [pdflush]
root 32 0.0 0.0 0 0 ? SW< Dec22 0:00 [aio/0]
root 20 0.0 0.0 0 0 ? SW Dec22 0:00 [khubd]
root 31 0.0 0.0 0 0 ? SW Dec22 0:21 [kswapd0]
root 105 0.0 0.0 0 0 ? SW Dec22 0:00 [kseriod]
root 172 0.0 0.0 0 0 ? SW Dec22 0:22 [kjournald]
root 1021 0.0 0.0 0 0 ? SW Dec22 0:00 [kjournald]
root 1555 0.0 0.0 3088 568 ? S Dec22 0:19 syslogd -m 0
root 1559 0.0 0.0 1932 448 ? S Dec22 0:00 klogd -x
root 1592 0.0 0.0 1624 556 ? S Dec22 0:00 rpc.idmapd
nobody 1661 0.0 0.2 5536 2196 ? SL Dec22 0:00 proftpd: (accepting connections)
root 1672 0.0 0.0 2868 740 ? S Dec22 0:00 /usr/sbin/smartd
root 1681 0.0 0.0 2176 464 ? S Dec22 0:00 /usr/sbin/acpid
named 2651 0.0 0.9 44268 9584 ? S Dec22 0:00 /usr/sbin/named -u named
root 2686 0.0 0.1 3952 1432 ? S Dec22 0:00 /usr/sbin/sshd
root 2699 0.0 0.0 2896 828 ? S Dec22 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 2717 0.0 0.3 9436 3260 ? S Dec22 0:03 chkservd
mailnull 2779 0.0 0.1 7528 1784 ? S Dec22 0:00 /usr/sbin/exim -bd -q60m
mailnull 2784 0.0 0.1 6804 1768 ? S Dec22 0:00 /usr/sbin/exim -bd -oX 26
mailnull 2788 0.0 0.1 8712 1748 ? S Dec22 0:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
root 2795 0.0 0.1 4764 1660 ? S Dec22 0:05 antirelayd
root 2815 0.0 2.3 26500 22756 ? S Dec22 0:00 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pi
root 2832 0.0 0.0 2976 660 ? S Dec22 0:00 crond
mailnull 3109 0.0 0.4 7072 4740 ? S Dec22 0:02 /usr/bin/perl /usr/local/cpanel/bin/eximstats
root 3114 0.0 2.4 27040 23344 ? S Dec22 0:04 spamd child
root 3115 0.0 2.4 27028 23332 ? S Dec22 0:04 spamd child
root 3116 0.0 2.4 27028 23332 ? S Dec22 0:04 spamd child
root 3117 0.0 2.4 27060 23340 ? S Dec22 0:04 spamd child
root 3118 0.0 2.4 27004 23324 ? S Dec22 0:04 spamd child
root 3120 0.0 0.6 10940 6564 ? S Dec22 0:02 cppop - accepting on port 110
root 3135 0.0 1.2 15244 12276 ? SN Dec22 0:55 cpanellogd - setting up logs for cursedsa
root 3140 0.0 0.6 7812 6492 ? S Dec22 0:00 cppop - accepting on port 110
nobody 3144 0.0 0.2 4052 2504 ? S Dec22 0:00 entropychat
nobody 3148 0.0 0.0 1620 588 ? S Dec22 0:00 /usr/local/cpanel/bin/startmelange
postgres 3328 0.0 0.2 20592 2040 ? S Dec22 0:00 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
postgres 3330 0.0 0.1 11392 1832 ? S Dec22 0:00 postgres: stats buffer process
postgres 3331 0.0 0.1 10400 1876 ? S Dec22 0:00 postgres: stats collector process
mailman 3332 0.0 0.5 8692 5400 ? S Dec22 0:00 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl -s
dbus 3340 0.0 0.0 2940 804 ? S Dec22 0:00 dbus-daemon-1 --system
mailman 3345 0.0 0.5 8004 5304 ? S Dec22 0:03 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3346 0.0 0.5 8984 5336 ? S Dec22 0:04 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3347 0.0 0.5 9096 5308 ? S Dec22 0:04 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3348 0.0 0.5 8048 5372 ? S Dec22 0:04 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3349 0.0 0.5 8984 5416 ? S Dec22 0:04 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3350 0.0 0.5 9380 5396 ? S Dec22 0:04 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3359 0.0 0.5 9236 5304 ? S Dec22 0:04 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
mailman 3360 0.0 0.5 8996 5372 ? S Dec22 0:00 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --run
root 3379 0.0 0.0 1420 476 ? S Dec22 0:00 /usr/sbin/portsentry -tcp
root 3400 0.0 0.0 2192 324 ? S Dec22 0:00 mdadm --monitor --scan
root 3422 0.0 0.6 10904 6112 ? S Dec22 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.co
root 3426 0.0 0.0 1776 344 tty1 S Dec22 0:00 /sbin/mingetty tty1
root 3427 0.0 0.0 2856 344 tty2 S Dec22 0:00 /sbin/mingetty tty2
root 3428 0.0 0.0 1640 344 tty3 S Dec22 0:00 /sbin/mingetty tty3
root 3429 0.0 0.0 1932 340 tty4 S Dec22 0:00 /sbin/mingetty tty4
root 3430 0.0 0.0 2872 344 tty5 S Dec22 0:00 /sbin/mingetty tty5
root 3431 0.0 0.0 1412 340 tty6 S Dec22 0:00 /sbin/mingetty tty6
root 32583 0.0 0.1 3268 1232 ? S 01:46 0:00 postsuexecinstall - searching for suexec problems (878 min remain)
cpanel 19180 0.0 0.2 35212 1976 ? S 05:56 0:00 /usr/bin/stunnel-4.04local /usr/local/cpanel/etc/stunnel/default/stun
root 19199 0.0 0.7 8152 6828 ? S 05:56 0:01 cpsrvd - waiting for connections
root 2640 0.0 0.2 7780 2156 ? S 09:41 0:00 sshd: root@pts/0
root 2663 0.0 0.1 6556 1400 pts/0 S 09:41 0:00 -bash
root 21989 0.0 0.2 7776 2384 ? S 13:36 0:00 sshd: root@notty
root 21991 0.0 0.1 5096 992 ? S 13:36 0:00 /usr/libexec/openssh/sftp-server
root 22477 0.0 0.0 0 0 ? SW 13:45 0:00 [pdflush]
root 22544 0.0 0.0 0 0 ? SW< 13:46 0:00 [loop0]
root 22545 0.0 0.0 0 0 ? SW 13:46 0:00 [kjournald]
mysteeri 22589 0.0 0.6 10960 6676 ? S 13:48 0:00 cppop - serving 24.205.188.49 - TRANSACTION - mysteerie@mysteerie.org
root 22650 0.0 0.1 2056 1040 ? S 13:48 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var
mysql 22681 0.0 0.5 56568 5544 ? S 13:48 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
mysql 22682 0.0 0.5 56568 5544 ? S 13:48 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
mysql 22683 0.1 0.5 56568 5544 ? S 13:48 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
mysql 22694 8.6 0.5 56568 5544 ? S 13:48 0:17 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
mysql 22695 8.2 0.5 56568 5544 ? S 13:48 0:16 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
mysql 22698 9.3 0.5 56568 5544 ? S 13:48 0:18 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
mysql 22699 8.2 0.5 56568 5544 ? S 13:48 0:16 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
nnextco 22700 0.0 0.3 6392 3064 ? SL 13:48 0:00 proftpd: nnextco - 12.215.123.150: IDLE
mysql 22701 8.6 0.5 56568 5544 ? S 13:48 0:17 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
root 22720 0.0 0.7 13468 6796 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 22726 1.1 1.1 18948 11248 ? S 13:49 0:02 /usr/local/apache/bin/httpd -DSSL
nobody 22727 0.6 0.8 13780 7892 ? S 13:49 0:01 /usr/local/apache/bin/httpd -DSSL
nobody 22728 1.1 1.1 19004 11108 ? S 13:49 0:02 /usr/local/apache/bin/httpd -DSSL
nobody 22729 1.1 1.1 19044 11168 ? S 13:49 0:02 /usr/local/apache/bin/httpd -DSSL
nobody 22730 1.0 1.1 19004 11136 ? S 13:49 0:02 /usr/local/apache/bin/httpd -DSSL
nobody 22731 1.1 1.0 17716 9788 ? S 13:49 0:02 /usr/local/apache/bin/httpd -DSSL
nobody 22732 1.0 1.1 19016 11136 ? S 13:49 0:01 /usr/local/apache/bin/httpd -DSSL
nobody 22733 0.9 0.8 14288 8364 ? S 13:49 0:01 /usr/local/apache/bin/httpd -DSSL
nobody 22737 0.9 0.8 13880 7984 ? S 13:49 0:01 /usr/local/apache/bin/httpd -DSSL
nobody 22738 1.1 1.0 17552 9828 ? S 13:49 0:01 /usr/local/apache/bin/httpd -DSSL
cursedsa 22771 0.0 1.2 15244 12276 ? SN 13:49 0:00 cpanellogd - http logs for cursedsa
cursedsa 22772 0.0 1.2 15244 12284 ? SN 13:49 0:00 cpanellogd - http logs for cursedsa
cursedsa 22773 0.0 0.0 1380 376 ? SN 13:49 0:00 /usr/local/cpanel/bin/logrunner 2.0 /usr/local/cpanel/3rdparty/bin/en
cursedsa 22774 1.3 0.1 3308 1276 ? TN 13:49 0:02 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22779 0.0 0.1 3452 1432 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22780 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22781 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22782 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22783 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22784 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22785 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22786 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22787 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
cursedsa 22788 0.0 0.1 3452 1436 ? SN 13:49 0:00 /usr/local/cpanel/3rdparty/bin/english/webalizer -N 10 -D /home/curse
mysql 23025 6.2 0.5 56568 5544 ? S 13:50 0:04 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
nobody 23052 0.9 0.8 13780 7848 ? S 13:51 0:00 /usr/local/apache/bin/httpd -DSSL
cursedsa 23055 2.0 0.7 8556 7128 ? S 13:52 0:00 cpaneld - serving 69.208.250.249
cursedsa 23056 19.0 1.3 14336 13060 ? D 13:52 0:00 /usr/local/cpanel/cpanel ./frontend/x/index.html
root 23060 0.0 0.0 2684 736 pts/0 R 13:52 0:00 ps auxw

This command (netstat -tanpu) was too long for PuTTY so it truncated it; here is what I could copy:

tcp 0 0 208.53.170.53:80 68.91.122.35:4531 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4532 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4533 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4534 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3859 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4535 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3884 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3900 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3896 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4509 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4510 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4511 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3916 TIME_WAIT -
tcp 0 0 208.53.170.53:80 141.157.233.226:50562 TIME_WAIT -
tcp 0 0 208.53.170.53:80 80.164.88.73:64093 TIME_WAIT -
tcp 0 0 208.53.170.53:80 141.157.233.226:50561 TIME_WAIT -
tcp 0 0 208.53.170.53:80 141.157.233.226:50566 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3913 TIME_WAIT -
tcp 0 0 208.53.170.53:80 141.157.233.226:50565 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3914 TIME_WAIT -
tcp 0 0 208.53.170.53:80 141.157.233.226:50564 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3910 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3906 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3907 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3934 TIME_WAIT -
tcp 0 0 208.53.170.53:80 70.21.34.27:2005 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3931 TIME_WAIT -
tcp 0 0 208.53.170.53:21 12.215.123.150:2616 ESTABLISHED 22700/proftpd: nnex
tcp 0 0 208.53.170.53:80 66.8.183.230:3924 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3927 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3920 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3950 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3947 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4544 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4545 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3942 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4546 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4547 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4548 TIME_WAIT -
tcp 0 0 208.53.170.53:80 68.91.122.35:4549 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3966 TIME_WAIT -
tcp 0 0 208.53.170.53:80 66.8.183.230:3967 TIME_WAIT -


Here is time telnet localhost 80 (It's hanging, could it be because I disabled telnet?) I'm going to wait for it, but just wanted to post the other stuff above.

Mysteerie
12-23-2004, 06:07 PM
Here is time telnet localhost 80:

root@hostname [~]# time telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

real 5m1.154s
user 0m0.004s
sys 0m0.004s


Here is tail -f /var/log/messages:

root@hostname [~]# tail -f /var/log/messages
Dec 23 13:59:13 hostname proftpd[22700]: hostname.bihira.com (12.215.123.150[12.215.123.150]) - FTP no transfer timeout, disconnected
Dec 23 13:59:13 hostname proftpd[22700]: hostname.bihira.com (12.215.123.150[12.215.123.150]) - FTP session closed.
Dec 23 13:59:14 hostname proftpd[23488]: hostname.bihira.com (12.215.123.150[12.215.123.150]) - FTP session opened.
Dec 23 13:59:14 hostname proftpd: PAM-listfile: Couldn't open /etc/ftpusers
Dec 23 13:59:14 hostname PAM_pwdb[23488]: (ftp) session opened for user nnextco by (uid=0)
Dec 23 14:03:52 hostname kernel: ** SSH ** IN=eth0 OUT= MAC=00:0b:6a:3a:25:0d:00:d0:03:53:cc:0a:08:00 SRC=63.105.26.26 DST=208.53.185.74 LEN=60 TOS=0x04 PREC=0x00 TTL=52 ID=62829 DF PROTO=TCP SPT=25587 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 23 14:03:52 hostname kernel: ** SSH ** IN=eth0 OUT= MAC=00:0b:6a:3a:25:0d:00:d0:03:53:cc:0a:08:00 SRC=63.105.26.26 DST=208.53.185.75 LEN=60 TOS=0x04 PREC=0x00 TTL=52 ID=62601 DF PROTO=TCP SPT=25588 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 23 14:03:52 hostname kernel: ** SSH ** IN=eth0 OUT= MAC=00:0b:6a:3a:25:0d:00:d0:03:53:cc:0a:08:00 SRC=63.105.26.26 DST=208.53.185.76 LEN=60 TOS=0x04 PREC=0x00 TTL=52 ID=47599 DF PROTO=TCP SPT=25589 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 23 14:03:52 hostname kernel: ** SSH ** IN=eth0 OUT= MAC=00:0b:6a:3a:25:0d:00:d0:03:53:cc:0a:08:00 SRC=63.105.26.26 DST=208.53.185.77 LEN=60 TOS=0x04 PREC=0x00 TTL=52 ID=37847 DF PROTO=TCP SPT=25590 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 23 14:03:52 hostname kernel: ** SSH ** IN=eth0 OUT= MAC=00:0b:6a:3a:25:0d:00:d0:03:53:cc:0a:08:00 SRC=63.105.26.26 DST=208.53.185.78 LEN=60 TOS=0x04 PREC=0x00 TTL=52 ID=38386 DF PROTO=TCP SPT=25591 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0


Here is ls -lh --sort=size|head

root@hostname [~]# ls -lh --sort=size|head
total 43M
-rw------- 1 root root 44M Dec 23 09:46 core.2763
-rw-r--r-- 1 root root 51K Nov 23 21:48 install.log
-rw------- 1 root root 19K Dec 23 08:42 .bash_history
drwxr-x--- 11 root root 4.0K Dec 23 09:46 ./
drwxr-xr-x 27 root root 4.0K Dec 23 13:46 ../
drwxr-xr-x 4 root root 4.0K Nov 23 18:30 cpanel3-skel/
drwx------ 3 root root 4.0K Dec 9 05:51 .cpcpan/
drwx------ 3 root root 4.0K Nov 23 17:53 .cpmysqlrpm/
drwx------ 2 root root 4.0K Nov 23 21:40 .gconfd/


Here is ls -l /tmp/*.wrk:

root@hostname [~]# ls -l /tmp/*.wrk
/bin/ls: /tmp/*.wrk: No such file or directory


I'm assuming you mean /tmp

It's only 140KB big.

THANK YOU SO MUCH FOR HELPING ME!

Wehodef
12-23-2004, 06:22 PM
OK, let's try something: you will move the biggest file into a new dir, archives:
# mkdir /home/archives
# mv *.tar.gz *.rpm /home/archives

OK, the gzip is OK, it has all been cleared.
OK, you haven't got any DNS issues.

Could you run the kernel dmesg and see if it's OK?
Have you updated it?
Run # uname -a and tell me.

Also, are you sure keepalive is off? Because I see a lot of connections at a time.
Run # cd /usr/local/apache and tell me.

I can't see # netstat -tanpu | grep -i syn; have you run it, or did I forget to ask?

I think I've done all I could do, I hope this would help ;)
Cheers.
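
An added example (not part of the original posts): a Python summary of `netstat -tanpu` output that counts connections on port 80 by TCP state and by client, which is what the keepalive question and the `grep -i syn` check above are getting at. The sample lines are constructed with documentation addresses, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample in `netstat -tanpu` column layout (documentation addresses).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.0.2.10:80 198.51.100.7:3958 TIME_WAIT -
tcp 0 0 192.0.2.10:80 198.51.100.7:3959 TIME_WAIT -
tcp 0 0 192.0.2.10:80 198.51.100.7:3960 TIME_WAIT -
tcp 0 269 192.0.2.10:80 203.0.113.36:1725 FIN_WAIT1 22733/httpd
tcp 0 10220 192.0.2.10:80 203.0.113.36:1723 ESTABLISHED 22730/httpd
tcp 0 0 192.0.2.10:80 203.0.113.99:63504 SYN_RECV -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2700/httpd
tcp 0 0 192.0.2.10:2082 198.51.100.7:63775 TIME_WAIT -
udp 0 0 192.0.2.10:53 0.0.0.0:* 2651/named
"""

def parse(text):
    """Yield (local_port, remote_ip, state, send_q) per TCP connection row."""
    for line in text.splitlines():
        f = line.split()
        # Skip headers, UDP rows (no state column) and listening sockets.
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] == "LISTEN":
            continue
        local_port = int(f[3].rsplit(":", 1)[1])
        remote_ip = f[4].rsplit(":", 1)[0]
        yield local_port, remote_ip, f[5], int(f[2])

def summarize(text, port=80):
    """Return (state counts, per-client counts, unsent bytes) for one port."""
    states, per_client, send_q_total = Counter(), Counter(), 0
    for lport, rip, state, send_q in parse(text):
        if lport != port:
            continue
        states[state] += 1
        per_client[rip] += 1
        send_q_total += send_q  # bytes queued to clients, not yet acknowledged
    return states, per_client, send_q_total

def half_open_ratio(states):
    """Share of connections still in SYN_RECV (handshake not completed)."""
    total = sum(states.values())
    return states["SYN_RECV"] / total if total else 0.0

if __name__ == "__main__":
    states, per_client, send_q_total = summarize(SAMPLE)
    print("by state:", dict(states))
    print("top clients:", per_client.most_common(3))
    print("Send-Q bytes:", send_q_total)
    print("half-open ratio: %.2f" % half_open_ratio(states))
```

With KeepAlive Off every request opens a new connection, so many TIME_WAIT rows per client are expected; a large SYN_RECV share is what would point to a SYN flood.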

Mysteerie
12-23-2004, 06:32 PM
Okay, this is uname -a:

root@hostname [~]# uname -a
Linux hostname.bihira.com 2.6.9-1.6_FC2 #1 Thu Nov 18 22:03:19 EST 2004 i686 athlon i386 GNU/Linux


I went into cd /usr/local/apache, then cd conf, and pico -w httpd.conf:

KeepAlive Off

Here is netstat -tanpu | grep -i syn:

root@hostname [/usr/local/apache/conf]# netstat -tanpu | grep -i syn
tcp 0 0 208.53.170.53:80 68.85.141.253:63504 SYN_RECV -


I really appreciate your help, yea I always try and research things before asking, but this one has been haunting me, and trying to get more help on it.

It happens on and off, mostly just in the morning for some reason.

Wehodef
12-23-2004, 06:43 PM
Please try to move the biggest files into another dir as I explained above.

I didn't understand: what went on and off? Apache? Keepalive? Something else?

Else try to kill all and restart :]

Mysteerie
12-23-2004, 07:10 PM
Sorry if I'm not moving the files, just curious what files will it move? I trust you since you helped me so much, but by the look of the command it will move all files with extensions of .tar.gz and .rpm into /home/archives/

Will this affect anything in a CPanel system?

Also I meant KeepAlive is Off, sorry for the confusion.

I also tried a graceful reboot in WHM :) The solution I'm doing is killing httpd and mysqld a lot to speed it up. :)

Wehodef
12-23-2004, 07:39 PM
Hi,

No, just move the biggest file listed by ls -lh --sort=size|head into an archives dir.

I think I'd need advice from other WHTers to help you/me out :]

Mysteerie
12-23-2004, 07:50 PM
Yea, btw I should have mentioned the problems started occurring after I actually touched "my.cnf". my.cnf had default settings, but after I actually put something in it, it started doing this.

Though without anything in "my.cnf" my db would go extremely slow, so lol one problem to the next which is AHHHH!!!!