Phantom Cpanel IP Usage
May 28, 2009
Setup server:
fqdn.domain.com / IP: 1
ns1.domain.com / IP: 2
ns2.domain.com / IP: 3
Then I setup an account for www.domain.com assigned ded IP: 4,
where fqdn.domain.com appears a subdomain in www.domain.com`s cpanel.
Name servers for the cpanel account www.domain.com are same as server
ns1.domain.com / IP: 2
ns2.domain.com / IP: 3
Now I go to WHM and view IP Usage, I see a phantom IP showing
all is normal except I see 2 instances of fqdn.domain.com showing. The first
instance is the assigned server IP and the second is a phantom IP: 5.
Is there a reason for this, is it normal? Is it because I assigned www.domain.com a dedicated IP?
I checked SSH - nano /etc/nameserverips the phantom IP does not show.
Also performed DNS cleanup and bind restart.
View 1 Replies
ADVERTISEMENT
Sep 17, 2007
First, a bit of server data:
Linux version: Linux version 2.6.9-023stab033.9-entnosplit (root@rhel4-32) (gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)) #1 SMP Tue Dec 5 14:54:16 MSK 2006
Running on top of Virtuozzo 3.x, SLM
Running the DirectAdmin control panel, v.1.30.2
For a couple years I've been maintaining a VPS, and I've had a command in root's .bash_profile to mail me the contents of `who` whenever root logs in (I'm certain this wouldn't catch everything, but I at least get mailed when I ssh in). However last night I got one of the dispatch emails, one that was definitely not caused by me logging in, and it was missing the `who` output in the body.
Taloncrossing: Root Shell Access on: Mon Sep 17 00:58:49 EDT 2007
I started doing some looking, starting with the logs. /var/log/messages contained these lines:
Sep 17 00:58:49 vps sshd(pam_unix)[16277]: session opened for user root by (uid=
0)
Sep 17 00:59:17 vps sshd(pam_unix)[16277]: session closed for user root
/var/log/security contained:
Sep 17 00:58:49 vps sshd[16277]: Accepted password for root from 65.98.70.202 port 45053 ssh2
To me this is pretty clear that someone had shell access to root. The session lasted just under 30 seconds. The security log showed no signs of previous failed login attempts. I referred to this topic [url]to try to find anything unusual
/var/log/wtmp has a reference somewhere to the accessing IP on grep, but 'who' will not reveal it, the same way that my email message was missing that info.
Everything else looks clean, I've run chkrootkit and rkhunter, all the warnings (issued by rkhunter) are benign, the .bash_history is clean (not flushed or any suspicious commands), logs are clean, nothing unusual is running, can't find anything out of place.
So basically I'm completely confused and have no idea what to make of all this. Was there a glitch? I can only assume that I am somehow compromised, but don't know what to make of all the data I've gathered. I'd really appreciate opinions from some of you that know this stuff way better than I do. The only action I've taken so far is changing the root password.
View 3 Replies
View Related
Apr 20, 2007
I have read that cPanel consumes a constant 258MB of RAM. That seems like a huge overhead for the convenience it provides.
Plesk consumes less? How much?
This is to run LAMP -- so what I want to know is how much RAM is the minimum needed to run LAMP under different control panels. (The bandwidth of the sites to be run is low.)
View 7 Replies
View Related
Jul 12, 2008
Running the latest version of WHM 11.23.2 & cPanel 11.23.4-C26138
So far tried the following commands:
/scripts/initquotas
/scripts/resetquotas
/scripts/fixquotas
the above commands done nothing - really waste of time!
The cPanel asked my to contact my VPS provider and ask them to reinitialize quotas for your VE and possibly check further into the node to correct the issue. As for VPS provider they did some tests & told me that they "fixed" & can't find any issues on the node, but the problem is still exists.
asked by VPS provider to do:
/scripts/fixquotas
restart VPS
/scripts/upcp --force
how to fix cPanel bug?
The attached image are proof of Disk usage not being updated in WHM & cPanel, as this account contains 17.6 MB (18,472,960 bytes).
View 2 Replies
View Related
Nov 5, 2008
I just moved from a P4 Dual Core (2mb cache) to a Dual Xeon (512k cache) and everything has gone to sh*t.
I had the server optimized/security hardened (for the most part) and last night, I had a RAM upgrade to 4GB.
As soon as the server came back up after the upgrade, CPU usage was into the mid hundreds. RAM usage is fine....
Presently, I'm showing PHP using a ton of CPU. I tweaked mysql a little bit, and that helped slightly.
Also, last night, I had the DC run diagnostics on the RAM and hard drive. Both check out OK.
Here's the specs:
2x Intel Xeon 2.80GHz
4GB RAM
cPanel
CENTOS Enterprise 5.2 i686
PHP 5.x
MySQL 5.x
Exim
When viewing TOP or status in WHM, php scripts use the most CPU. With average CPU load around 60+
View 12 Replies
View Related
Jun 23, 2009
It is possible to show resources usage stat. to customers?
Any addons & scripts?
This is very important function, but cpanel didn't have it.
I created same thread to forums.cpanel.net but no replies.
View 8 Replies
View Related
Jan 6, 2007
for the last few days, i am facing high memory usage up to 90%.
Memory usage get's high, even if i don't have many visitors online. I have to restart httpd to get the memory to normal. some times, server loads, get's high aswell.
In error logs (only unusual things i see):
Code:
[Sat Jan 6 10:37:04 2007] [error] mod_gzip: TRANSMIT_ERROR:ISMEM:104
[Sat Jan 6 10:37:25 2007] [error] mod_gzip: TRANSMIT_ERROR:ISMEM:104
# top:
Code:
top - 10:42:19 up 10:35, 1 user, load average: 22.95, 10.67, 9.79
Tasks: 318 total, 1 running, 317 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.7% us, 1.3% sy, 0.0% ni, 0.0% id, 61.9% wa, 36.1% hi, 0.0% si
Mem: 2009652k total, 1220736k used, 788916k free, 28756k buffers
Swap: 6224564k total, 135212k used, 6089352k free, 389768k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6365 root 0 -20 0 0 0 D 40 0.0 3:01.33 loop0
4553 root 16 0 3112 1108 760 R 1 0.1 0:00.30 top
327 root 15 0 0 0 0 S 0 0.0 6:33.15 kjournald
3743 nobody 15 0 18592 7260 2320 S 0 0.4 0:00.21 httpd
3833 nobody 15 0 21664 10m 2780 D 0 0.5 0:00.94 httpd
3838 nobody 15 0 20472 9400 2664 S 0 0.5 0:00.18 httpd
3858 nobody 15 0 18876 7616 2388 S 0 0.4 0:00.82 httpd
3919 nobody 16 0 21492 10m 2432 D 0 0.5 0:00.82 httpd
3931 nobody 15 0 18976 8016 2716 D 0 0.4 0:00.45 httpd
4439 nobody 15 0 18892 7612 2368 S 0 0.4 0:00.16 httpd
4913 root 18 0 2512 292 244 D 0 0.0 0:00.24 sync
1 root 16 0 2484 488 456 S 0 0.0 0:06.16 init
2 root RT 0 0 0 0 S 0 0.0 0:00.11 migration/0
3 root 34 19 0 0 0 S 0 0.0 0:06.66 ksoftirqd/0
4 root RT 0 0 0 0 S 0 0.0 0:00.16 migration/1
5 root 34 19 0 0 0 S 0 0.0 0:00.71 ksoftirqd/1
6 root 5 -10 0 0 0 S 0 0.0 0:14.59 events/0
7 root 5 -10 0 0 0 S 0 0.0 0:42.07 events/1
this looks suspisous to me:
6365 root 0 -20 0 0 0 D 40 0.0 3:01.33 loop0
as it's taking alot of memory. i don't see this before.
View 6 Replies
View Related
Jun 17, 2008
Anyone know how much is true stats that we get in "main" server cPanel in menu:
Main >> Account Information >> View Bandwidth Usage
Is that correct data or? and can be difference of 500Gig?
I get bill for 500gig over, than stat in cPanel?
Is it possible that stats in cPanel dont say correct data? and to be that much difference?
View 7 Replies
View Related
Feb 15, 2009
I have been using Blue Host for years, but recently they kept suspending my account due to performance problem.
I was only running a php forum (phpBB3) and a Wordpress blog. They kept mentioning it is not problem with space/bandwidth, but issues with "Running application causing high load", and the mysql queries from phpBB3 are taking too long.
Now I am planning to add a Ruby on Rails application. I am sure it will cost more CPU usage. What should I do? Will a move to VPS hosting solve my problem?
View 14 Replies
View Related
Oct 14, 2009
We are currently looking to move to a new dedicated server provider located in the United Kingdom. The server is solely used to provide an IRC daemon to a large IRC network that receives multiple gigabits of DDoS and PPS. We are currently with another hosting provider who can no longer support us.
Our current specification is DualCore Xeon 2.67Ghz/4MB Cache with 500GB SATA HDD. A good connection and available bandwidth (preferably 3-5,000 GB bandwidth /month) included in the price. We are seeking to move to a new dedicated server host, if you know a company that can accommodate our needs,
View 4 Replies
View Related
