Page 2 of 2 FirstFirst 12
Results 26 to 42 of 42
  1. #26
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    Just killed it with

    kill 30487

    server is back to normal.

    Bug on cpanel forums: http://forums.cpanel.net/f5/webmail-...ad-102425.html

    Is there any fix to this?

  2. #27
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    I just accidently ran the cmd

    ps aux |grep

    and which seems to have locked up the server

  3. #28
    Join Date
    Jun 2009
    Location
    Singapore
    Posts
    205
    Quote Originally Posted by Unknown-Services View Post
    Just killed it with

    kill 30487

    server is back to normal.

    Bug on cpanel forums: http://forums.cpanel.net/f5/webmail-...ad-102425.html

    Is there any fix to this?
    Well, if Roundcube is really causing you the problem, I suggest that you report a bug to the developers to Roundcube.

    Anyway, check that your Roundcube is at the latest version. Bugs are usually fixed with new releases. You are able to update software via WHM, and this can be set to do automatically or manually. However, I suggest setting it to manually.

    You can update by going to "update server software" under the software tab.

    EDIT:
    Quote Originally Posted by Unknown-Services View Post
    I just accidently ran the cmd

    ps aux |grep

    and which seems to have locked up the server
    When you say locked up, you mean the entire server is inaccessible?
    bikster.com - Quality Hosting. Affordable Prices.
    Providing premium quality shared and reseller cPanel/WHM hosting at low prices!
    Reseller cPanel/WHM hosting solutions that you can afford

  4. #29
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    Its back to normal now =)

    Thanks alot bikster

    This thing has been bugging me for more than a month now, thanks for the help.

  5. #30
    Join Date
    Jun 2009
    Location
    Singapore
    Posts
    205
    Quote Originally Posted by Unknown-Services View Post
    Its back to normal now =)

    Thanks alot bikster

    This thing has been bugging me for more than a month now, thanks for the help.
    Pleasure. Always glad to help out people.

    If the problem persists, try updating Roundcube, that's the only solution I can think of right now.
    bikster.com - Quality Hosting. Affordable Prices.
    Providing premium quality shared and reseller cPanel/WHM hosting at low prices!
    Reseller cPanel/WHM hosting solutions that you can afford

  6. #31
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    Spoke too soon =(

    When I initially killed the process the server was loading fine, now its back to its old shenanigans.

    top cmd isn't showing anything suspicious

    back to square one

  7. #32
    Join Date
    Jun 2009
    Location
    Singapore
    Posts
    205
    Quote Originally Posted by Unknown-Services View Post
    Spoke too soon =(

    When I initially killed the process the server was loading fine, now its back to its old shenanigans.

    top cmd isn't showing anything suspicious

    back to square one
    Is cpanelro running again? If so, you'll have to kill it..... yeah, again.

    Annoying ain't it?
    bikster.com - Quality Hosting. Affordable Prices.
    Providing premium quality shared and reseller cPanel/WHM hosting at low prices!
    Reseller cPanel/WHM hosting solutions that you can afford

  8. #33
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    Nah, top isn't showing anything with overly high CPU usage.

  9. #34
    Join Date
    Jun 2009
    Location
    Singapore
    Posts
    205
    Check with your provider, it could be a network problem.
    bikster.com - Quality Hosting. Affordable Prices.
    Providing premium quality shared and reseller cPanel/WHM hosting at low prices!
    Reseller cPanel/WHM hosting solutions that you can afford

  10. #35
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    My hosting provider(iweb.com) doesn't listen.

    They've told me its DDoS attack for the past 2 weeks and are trying to make me buy a DDoS protection package.

  11. #36
    Join Date
    Jul 2009
    Location
    rules.php
    Posts
    6
    if this ddos attack ... do this ,ask your provider about the ip attacker then send email abuse to ISP who have this ip's.

    as usual data center will block the ip if detected as flooding ...

    oh..dont buy anything

  12. #37
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    Its not a DDoS attack because the bandwidth is fine, no excessive usage or anything of that sort.

    I called them yesterday when the server was down, and they said its not a DDoS attack, and they're not responding to my support ticket, which I sent 2 days ago.

  13. #38
    Join Date
    Jul 2009
    Location
    rules.php
    Posts
    6
    Quote Originally Posted by Unknown-Services View Post
    Its not a DDoS attack because the bandwidth is fine, no excessive usage or anything of that sort.

    I called them yesterday when the server was down, and they said its not a DDoS attack, and they're not responding to my support ticket, which I sent 2 days ago.
    nano /etc/crontab ...

    please check if any suspicious script running ....

  14. #39
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    This is what I found in it:

    Code:
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly

  15. #40
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    433
    Quote Originally Posted by Unknown-Services View Post
    netstat -nap | grep SYN | wc -l displayed 0
    It will always display 0 because it is not correct. You should use the 't' parameter (t for TCP) :

    Code:
    netstat -nt | grep SYN_RECV | wc -l
    It could be a SYN flood, try the command again when your server becomes unreachable. Do you have any 'crazy' iptables rules like rate/limiting SYN packets per seconds etc ?

    I will repeat myself but, whatever happens inside your server, it is handle by the kernel so it may be a good idea to ask it how is it going :

    Code:
    # dmesg | tail -n 100
    and :

    Code:
    tail -n 100 /var/log/kern.log

  16. #41
    Join Date
    Oct 2004
    Location
    Chicago, IL
    Posts
    56
    They responded about two days ago:

    After investigation, and analyzing the system log files and the traffic
    graphics, we can confirm that you server is not suffering from any kind
    of DDoS attacks!

    ....

    We have also analyzed the log files generated by the command "sar" which
    logs periodically (every 10 minutes) different statistics related to the
    server resources usage (memory usage, load, CPU usage,...).

    You can display these reports by using the following commands:
    sar -r -f /var/log/sa/sa01 (01 for the 1st of July, ...) to display
    the statistics related to the memory usage. (The memory is used at more
    than 96% ...). This is probably the main cause of the reported issues!,
    we suggest you to upgrade you memory to have the needed resources for
    the running processes.
    My server's specs, taken from WHM

    Processor #1 Vendor: GenuineIntel
    Processor #1 Name: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
    Processor #1 speed: 1600.000 MHz
    Processor #1 cache size: 1024 KB

    Processor #2 Vendor: GenuineIntel
    Processor #2 Name: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
    Processor #2 speed: 1600.000 MHz
    Processor #2 cache size: 1024 KB

    Memory for crash kernel (0x0 to 0x0) notwithin permissible range
    Memory: 1023704k/1038976k available (2096k kernel code, 14576k reserved, 874k data, 228k init, 121472k highmem)

    Is my server really that bad not to be able to host about 15, very small sites?

  17. #42
    Join Date
    Mar 2006
    Location
    New Jersey
    Posts
    851
    Server configuration is absolutely fine, infact you can host them on vps or shared hosting if they are small sites. I think you really need a server administrator to investigate for you. There are many server management companies offering one time service which could solve your problem.
    24Shells in Business Since 2003 - AS55081
    Dedicated Servers, High Bandwidth Servers
    @24Shells - 24shells.net

Page 2 of 2 FirstFirst 12

Similar Threads

  1. DDoS attack
    By newbie_security in forum Hosting Security and Technology
    Replies: 12
    Last Post: 05-26-2009, 06:11 PM
  2. DDOS attack
    By Hserver in forum Hosting Security and Technology
    Replies: 5
    Last Post: 10-06-2007, 03:30 AM
  3. What to do during/after a DDoS attack
    By Mitsurugi in forum Hosting Security and Technology
    Replies: 4
    Last Post: 07-31-2007, 09:51 AM
  4. DDOS attack
    By KGLim in forum Hosting Security and Technology
    Replies: 1
    Last Post: 09-10-2004, 07:28 AM
  5. Ddos attack, any help?
    By beniceman in forum Hosting Security and Technology
    Replies: 5
    Last Post: 08-31-2004, 11:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •