  1. #1

    Few problems with Server + DDoS

    Hello,

    I've got a few problems with my servers. On the first server, when I log in as a regular user via ssh, I get the following errors:


    Last login: Wed Jul 13 23:50:05 2005 from *
    -bash: /dev/null: Permission denied
    -bash: /dev/null: Permission denied
    -bash: /dev/null: Permission denied
    -bash: /dev/null: Permission denied
    -bash: /dev/null: Permission denied
    [[email protected] bosnabeat]$

    When I log in as root on the same server I don't get those messages.

    On my other server I am getting DDoS attacks on Apache and MySQL. I've installed SIM which restarts the services every 5 minutes if they fail. Yesterday my server load was so high that I received a msg on SSH when I logged in:

    "The system load is dangerously high, if your use of this system is not required please logout for a short period of time. "

    I've blocked some IPs in /etc/hosts.deny, but it looks like Apache is still crashing. The following are the errors I received in my email from SIM:

    Jul 14 13:24:48 s2 prm(21971): process 21619 exceeded resource limits, killed.
    Jul 14 13:24:48 s2 prm(21971): check /usr/local/prm/killed/21619 for process specific information.
    Jul 14 13:25:04 s2 prm(21971): get_pinfo() value asignment error; aborting.
    Jul 14 13:28:00 s2 prm(24620): cleared stale lock file file.
    Jul 14 13:40:49 s2 prm(28685): process 23904 exceeded resource limits, killed.
    Jul 14 13:40:49 s2 prm(28685): check /usr/local/prm/killed/23904 for process specific information.
    Jul 14 13:41:04 s2 prm(28685): get_pinfo() value asignment error; aborting.
    Jul 14 13:44:00 s2 prm(30815): cleared stale lock file file.


    Please help

  2. #2
    /dev/null == limbo, which is why you're getting the error (it can't be accessed).

    Check the directory path or assigned shell for the account in question, assuming you're on a Linux box (/etc/passwd).

    How large is your swap memory (free -m)? Also, you may want to run "top" and post the results.

  3. #3
    Directory path seems to be fine and assigned shell is also fine (/bin/bash). I'm sorry for not posting the server info. Both servers use:

    OS: CentOS 3.3
    S1: 1.5 GB RAM
    S2: 1 GB RAM

    [[email protected] root]# free -m
                 total       used       free     shared    buffers     cached
    Mem:          1512       1434         77          0         99       1022
    -/+ buffers/cache:        313       1199
    Swap:         1027         12       1014
    [[email protected] root]#

    -----------------------

    [[email protected] root]# free -m
                 total       used       free     shared    buffers     cached
    Mem:           987        971         15          0         25        599
    -/+ buffers/cache:        346        641
    Swap:         1027         94        933
    [[email protected] root]#

    -----------------
    [[email protected] root]# top

    15:16:45 up 14 days, 15:47, 1 user, load average: 0.16, 0.55, 0.67
    242 processes: 240 sleeping, 1 running, 1 zombie, 0 stopped
    CPU states:    cpu    user    nice  system     irq  softirq  iowait    idle
                 total    7.1%    0.0%    3.5%    0.8%     0.8%    0.0%   87.5%
    Mem: 1011356k av, 996112k used, 15244k free, 0k shrd, 26040k buff
         775820k actv, 141684k in_d, 15660k in_c
    Swap: 1052248k av, 97016k used, 955232k free 614696k cached

      PID USER     PRI  NI  SIZE   RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
    32571 bosnabea  21   6  8216  4612   512 S N   6.2  0.4 757:30   0 sc_trans_linu
    16340 root      20   0  1380  1380   892 R     3.5  0.1   0:00   0 top
     9459 root      15   0  4072  3980  2724 S     0.8  0.3   0:12   0 httpd
        1 root      15   0   508   472   448 S     0.0  0.0   0:06   0 init
        2 root      15   0     0     0     0 SW    0.0  0.0   0:00   0 keventd
        3 root      15   0     0     0     0 SW    0.0  0.0   0:05   0 kapmd
        4 root      34  19     0     0     0 SWN   0.0  0.0   0:00   0 ksoftirqd/0
        7 root      15   0     0     0     0 SW    0.0  0.0   0:00   0 bdflush
        5 root      15   0     0     0     0 SW    0.0  0.0   0:39   0 kswapd
        6 root      15   0     0     0     0 SW    0.0  0.0   5:43   0 kscand
        8 root      15   0     0     0     0 SW    0.0  0.0   0:00   0 kupdated
        9 root      25   0     0     0     0 SW    0.0  0.0   0:00   0 mdrecoveryd
       13 root      15   0     0     0     0 SW    0.0  0.0   1:20   0 kjournald
      515 root      15   0     0     0     0 SW    0.0  0.0   0:00   0 kjournald
      516 root      15   0     0     0     0 SW    0.0  0.0   0:01   0 kjournald
    [[email protected] root]#

    --------------------

    [[email protected] root]# top

    15:12:06 up 6 days, 20:34, 2 users, load average: 0.02, 0.14, 0.11
    105 processes: 104 sleeping, 1 running, 0 zombie, 0 stopped
    CPU states:    cpu    user    nice  system     irq  softirq  iowait    idle
                 total    0.0%    0.0%    0.8%    0.0%     0.0%    0.0%  199.0%
                 cpu00    0.0%    0.0%    0.9%    0.0%     0.0%    0.0%   99.0%
                 cpu01    0.0%    0.0%    0.0%    0.0%     0.0%    0.0%  100.0%
    Mem: 1548448k av, 1472708k used, 75740k free, 0k shrd, 102184k buff
         707676k active, 617504k inactive
    Swap: 1052216k av, 13228k used, 1038988k free 1047792k cached

      PID USER     PRI  NI  SIZE   RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
     6895 root      18   4  1224  1224   896 R N   0.9  0.0   0:00   0 top
        1 root       8   0   484   456   436 S     0.0  0.0   0:09   1 init
        2 root       9   0     0     0     0 SW    0.0  0.0   0:00   1 keventd
        3 root      18  19     0     0     0 SWN   0.0  0.0   0:00   0 ksoftirqd_CPU
        4 root      19  19     0     0     0 SWN   0.0  0.0   0:02   1 ksoftirqd_CPU
        5 root       9   0     0     0     0 SW    0.0  0.0   1:28   0 kswapd
        6 root       9   0     0     0     0 SW    0.0  0.0   0:00   1 bdflush
        7 root       9   0     0     0     0 SW    0.0  0.0   0:25   0 kupdated
        8 root       9   0     0     0     0 SW    0.0  0.0   0:01   0 xfsbufd
        9 root       9   0     0     0     0 SW    0.0  0.0   0:00   0 xfslogd/0
       10 root       9   0     0     0     0 SW    0.0  0.0   0:00   1 xfslogd/1
       11 root       9   0     0     0     0 SW    0.0  0.0   0:00   0 xfsdatad/0
       12 root       9   0     0     0     0 SW    0.0  0.0   0:00   1 xfsdatad/1
    You have new mail in /var/spool/mail/root
    [[email protected] root]#

    I also received the following messages from Cron on s2:

    Message 1:
    From [email protected] Fri May 20 23:00:03 2005
    Date: Fri, 20 May 2005 23:00:01 -0400
    From: [email protected] (Cron Daemon)
    To: [email protected]
    Subject: Cron <[email protected]> /usr/local/sbin/nsiv -q
    X-Cron-Env: <SHELL=/bin/sh>
    X-Cron-Env: <HOME=/root>
    X-Cron-Env: <PATH=/usr/bin:/bin>
    X-Cron-Env: <LOGNAME=root>

    which: no lsof in (/usr/bin:/bin)
    Required 'lsof' not installed, aborting.
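
The symptom in post #1 (the errors appear for a regular user but not for root) fits a /dev/null that has lost its world-writable permissions or been replaced by a regular file. The check below is an added example, not part of the thread; it assumes Linux with GNU stat, and the function names classify_null and check_null_device are hypothetical.

```sh
#!/bin/sh
# Added example: check whether /dev/null is the node non-root users need.
# Healthy Linux node: character device, major 1, minor 3, mode 666.

# classify_null TYPE MAJOR_HEX MINOR_HEX MODE_OCTAL (hypothetical helper)
# Prints a verdict; returns 0 only for a healthy node.
classify_null() {
    case "$1" in
        "character special file") ;;
        *) echo "not-a-device"; return 1 ;;   # e.g. recreated as a regular file
    esac
    if [ "$2" != "1" ] || [ "$3" != "3" ]; then
        echo "wrong-device"; return 1          # device node, but not the null device
    fi
    if [ "$4" != "666" ]; then
        echo "bad-mode"; return 1              # root can still open it, users cannot
    fi
    echo "ok"
}

# check_null_device [PATH] (hypothetical helper; PATH defaults to /dev/null)
check_null_device() {
    path="${1:-/dev/null}"
    if [ ! -e "$path" ]; then
        echo "missing"; return 1
    fi
    # GNU stat: %F file type, %t/%T major/minor in hex, %a mode in octal
    info=$(stat -c '%F|%t|%T|%a' "$path") || return 1
    old_ifs=$IFS; IFS='|'
    set -- $info
    IFS=$old_ifs
    classify_null "$1" "$2" "$3" "$4"
}

# Repair, as root: chmod 666 /dev/null for bad-mode; otherwise
# rm -f /dev/null && mknod -m 666 /dev/null c 1 3
check_null_device || echo "/dev/null needs repair (see comment above)"
```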
