how can i discover hidden processes running? Already running rkhunter, chrootkit.
[root@kenny ~]# ps auxfww
USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
Segmentation fault
[root@kenny ~]#
This just appen when i use flag "f = --full". Some running process causing this.
on my old centos servers I can show hidden (.file) files with normal 'ls' and 'ls -l' command but on new I can`t show hidden files on that way, I must use command 'ls -a' to show that files!
Also, on new server I only see dir in who I working: [root@server dir]# but on old server this look: root@server [/usr/local/dir]#
Also, on new server I have new colors for dirs, files..
but i never added that... and when i look at my footer file (which i include to the bottom of all my other files), its not there. even when i transfer the current one from my server, so its definetly not in that file
any idea how else that could have been added, and how i can take it off. my sites also been acting kind of weird lately, scrolling all the way to the bottom any time a page loads, which is really annoying
when I FTP into my server, I can't see the files files and folders starting with dots, such as .thumbs or .htaccess. How do I configure my server (through SSH) so that these files are visible rather than hidden? I'm running Fedora on my server.
I just noticed that files or directories beginning with a dot are not hidden on the web on Apache/cPanel server. Only .htaccess files are hidden, but other files are not.
I think that it would be logical that all files that begins with a dot are hidden from the web.
My server used CPL Plesk, Watchdog 2.0 and chkrootkit, but I scan with CPL there is nothing. Although when I log in with SSH and use command chkrootkit to scan server and I see these:
" Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed "
After 5 minutes, I scan again and no message to be received. This is usually happen.
What about these process? And what solution can be? Your are all professional, can you provide me any advice?
Tools&Settings Plesk Appearance Interface Management -Power user View (with & without) Use Custom View-Service Provider View (with & without) Open hosting operations in Server Administration Panel However when I go to
Websites&Domain TheWebsite/Show More, the DNS settings are still missing.
Is there any other setting I can try to show the dns settings?
I've been trying to configure Plesk as a hidden (super) master for a domain and I've run into some problems.
First off, for those who don't know, a hidden master is a nameserver that is actually the master server, yet does not list in the NS records of the domain.
The servers listed as NS in the zone have accepted the server as their master, but the rest of the world does not know it exists. Hence the term hidden master. The slaves consist of two PowerDNS servers that acknowledge the Plesk server as a supermaster, thus enabling automatic zone configuration and the like upon receiving a notify from the Plesk server.
However, the Plesk server refuses to send automatic notify messages to the slaves (listed in the NS records, also added to the ACL / transfer restrictions template). When requesting an AXFR by hand the Plesk server happily transfers the requested zone to the PowerDNS slaves, but upon changing the zone files through the Plesk panel's DNS management system, no notify goes out to the slaves, which thus don't know anything has changed. I've tried adding an also-notify clause to named.conf (which was suggested elsewhere), but it appears Plesk overwrites the entire named.conf upon zone changes, thus erasing the also-notify clause, subsequently refusing to send out a notify.
Further research into the workings of Bind (the nameserver used by Plesk in this setup) suggests that, by default, it should send notify messages to all servers listed in the NS records part of a given zone. This is clearly not the case in this particular setup, but I can't seem to find where exactly notify messages have been disabled (there is no mention of notify in named.conf).
My questions therefore are: 1) Why doesn't Plesk / Bind send automatic notify messages to its slaves, which is the default behavior of Bind? Where and how has this been disabled? 2) Should 1 turn out to be impossible to fix, how do I override named.conf on a per-domain basis?
I have the following problem, the files and folders generated by PHP are hidden in FTP.
I can see in the Plesk file manager that users, permissions and groups are the same for all files and folders (those that can be seen and those that cannot be seen from FTP).
All the options in the server are set by default. It is a new installation of Plesk 12.0.18 #4 in CentOS 6.5 (Final).
I just recently switched to using fcgid with cPanel and was wondering how I can go about seeing what is actually running under each process. Before when I was running PHP as CGI I could do psauxwe|grep PID and see all the environmental variables along with the path. I'm not able to do that any longer with fcgid. Is there anyway to get this info now?
Well one of my servers has been under a DDoS attack for a while and I've been doing things to keep it down but there is a suspicious process that keeps running and I am guessing that is whats keeping the server load up because when I stop apache the load goes down but not for long.
I've found I've got tons of processes "sleeping" on my server, how do I view what processes are sleeping? Is there a command I can run that lists all sleeping (only) processes?
"We do not allow programs to run continually in the background. This is to minimize system resources used and operational maintenance needed. We do not allow any chat or topsite programs on our servers other than the ones we pre-install for our clients to use. IRC: We currently DO NOT allow IRC or IRC bots to be operated on our network."
I thought the whole point of using a VPS was so you could run a continuous application (like a chat/game/etc server)? Why are so many VPS services against IRC (the chat server I use is not IRC based, but I just think its wierd so many prohibit IRC)
I'm having a problem with one user account, every 5-10 minutes a spamd process of this user gets locked using 60-90% cpu and never ends. If I don't kill the process another one does the same and they all get locked causing very high loads
I reinstalled exim but it did nothing
The problem persisted even when this user's account was suspended
Today I took the leap and switched to suPHP, rather than the Apache module. This is just what suited us best for hosting our own websites, keeping them more isolated from eachother bar a certain shared directory.
All is great, apart from I'm now noticing Zombie processes all of the time. These processes do seem to go away though, if I watch top the amount of Zombie processes will go up and down between 0 and 10.
Are these processes a problem, considering they do leave after a while? I've read up about Zombie processes and it would seem that as long as they are closing at some point, instead of hanging around, then that's fine. Is this supposed to happen in my setup?
I recently modified my loadavg script to store in a database the output of a top command if there's ever server loads of over 1. Overnight I've had 12 such times logged to a database.
Upon inspecting things (I was expected there is a recurring problem), the top command reveals that there are always three queries running together which take over 30 seconds each, and take up ~9% of memory each:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 26119 nobody 25 0 73492 38m 4792 S 0 8.5 0:30.00 httpd 7313 nobody 25 0 76716 42m 4992 S 0 9.5 0:29.99 httpd 14212 nobody 19 0 70688 39m 4844 S 0 8.8 0:30.03 httpd
Is there a command that will tell me exactly what these processes are? Like in WHM's "CPU/Memory/MySQL Usage" whereby it says what account these httpd processes are coming from, and the actual page they are coming from as well?
If I could log these details (i.e. account and page these are coming from) along with the output of the top command, I can hopefully troubleshoot where this problem is coming from.
My server has been crashing quite alot lately, it does have some high traffic sites on there but it has never really been this bad before. Today i noticed these in cpanel, what are they and is there anyway I can control them?