Trojan Activity - Running Perl With High CPU Usage, With User Apache
Sep 5, 2007
Running programs named Perl with Heavy CPU usage, with the ownership of user apache.
We found the problem on Fedora 3 and Fedora 6.
In our case, it was the result of a Trojan activity.
Quick Solution
Check the cron jobs of user apache
crontab -u apache -e
*/1 * * * * perl /tmp/.tmp/tmpfile
delete the cronjob entry.
Also delete the file /tmp/.tmp/tmpfile
also added "apache" to the file /etc/cron.deny
That's all
Problem and solution in detail....
View 1 Replies
ADVERTISEMENT
Nov 13, 2008
How to find what Perl script is causing high CPU usage?
I logged into my CentOS box tonight and notice after viewing the output of the "top" command that there are the following lines of output that have me concerned. What command can I use to find the source of the Perl script that is causing the CPU spike?
It seems it's been running for some time too.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
30120 apache 25 0 6908 4544 1216 R 99.8 0.2 13416:07 perl
30654 apache 25 0 8028 4508 1212 R 99.4 0.2 13417:22 perl
21273 apache 25 0 7584 4528 1200 R 98.1 0.2 2225:12 perl
20516 apache 25 0 6760 4540 1232 R 96.8 0.2 2221:30 perl
View 8 Replies
View Related
Jul 20, 2014
We are currently running plesk 11.5 and over the last few months, the apache memory usage has been very high. On investigation we have gone through the logs and we can't find a cause.
I can issue a service httpd restart and the memory drops for about 30 minutes and then we see the apache memory grow to almost 1.5 - 2GB. Why this keeps happening?
View 6 Replies
View Related
Sep 11, 2007
Does CentOS4 logs every activity done by a SSH user? Or is there such script/software to do that?
View 10 Replies
View Related
Jul 29, 2007
I am interested in setup user activity limits to avoid peaks on the server load, I have readen a lot about PAM and limits.conf but still have no idea on how set this limits. Most of the examples are similar to this page http://www.seifried.org/lasg/users/ but they are still confusing to me
>> I would like to setup rules like this:
Customers may not use more than 2% CPU daily, 3% memory daily, run more than 10 simultaneous processes per user, allow any process to run for longer than 30 CPU seconds, run any process that consumes more than 20% of available CPU at any time, or run any process that consumes more than 16 MB of memory.
View 6 Replies
View Related
Nov 14, 2014
This is my free -m
total used free shared buffers cached
Mem: 1998 1903 95 0 45 542
-/+ buffers/cache: 1315 683
Swap: 2662 36 2625
Not good ....
I got 5 wordpress and 5 statics website on this server and 100 visitors by 24H00 each day.
Question 1 : Why the memory is so low and the swap so high ?
Question 2 : Why i don't find high usage process in top command ?
Question 3 How can i resolve this problem ?
View 2 Replies
View Related
Jan 25, 2007
I tried using this perl script which supposedly restarts apache when server load reaches 5 and above
Code:
#!/usr/bin/perl -w
#use strict;
$|++;
open(LOAD,"/proc/loadavg") || die "couldn't open /proc/loadavg: $!
";
my @load=split(/ /,<LOAD>);
close(LOAD);
if ($load[0] > 5) {
`/sbin/service httpd restart`;
}
and placed it in /usr/local/script/loadavg.pl and chmod to 755
and added this to my crontab
*/1 * * * * root /usr/local/script/loadavg.pl
my server load went up to 20 and waited if it will automatically go down via the script but it seems it's not working. I had to restart apache manually.
View 4 Replies
View Related
Jul 2, 2009
I have a site that is eating up my server resources and need to know what the best solution for this is. I'm thinking of getting another server just for mysql but do not know what specs the server should be to handle the current traffic/database load and have the site run smoothly without slowing down to a snail's pace.
An alternative is to get another server just for the videos being served and leave the database and html on the current server. This is where I'm stuck and don't know what route to take with this.
My current server stats:
Dual Xeon 5130
4GB RAM
250GB
50 Mbit/sec
CentOS 3.9
Website traffic stats:
15,000 visitors/day
150,000 pageviews/day
Serving videos
I've attached screenshots of top and bandwidth usage per day. Hopefully with this information you could tell me if I need another server or if there are any things I can do to the current server to help things move faster.
View 13 Replies
View Related
Apr 15, 2008
I have installed image::magick perl module but its not running error is :--
Can't load '/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Image/Magick/Magick.so' for module Image::Magick: libMagickCore.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230.
at flickr.pl line 55
Compilation failed in require at flickr.pl line 55.
BEGIN failed--compilation aborted at flickr.pl line 55.
View 4 Replies
View Related
Aug 12, 2008
an inexpensive VPS host and based on reviews on this forum, went with Web Wide Hosting.
I had a smooth signup and thanks to Jon at WWH, managed to get a payment snafu with Paypal resolved smoothly.
However, I've been struggling a lot with getting most recommended steps to actually work in my VPS and I'm getting increasingly frustrated.
The latest problem I have is that trying to install Perl modules fails with a "cannot allocate memory" error. First google hits suggest increasing memory, which really isn't an option for me right now. More puzzling is the fact that both HyperVM and user_beancounters suggest I have enough headroom atleast to install perl modules!
Output from session:
cpan> install Authen::PAM
CPAN: Storable loaded ok
Going to read /root/.cpan/sources/authors/01mailrc.txt.gz
Going to read /root/.cpan/sources/modules/02packages.details.txt.gz
Database was generated on Mon, 11 Aug 2008 07:02:52 GMT
HTTP::Date not available
There's a new CPAN.pm version (v1.9205) available!
[Current version is v1.7602]
You might want to try
install Bundle::CPAN
reload cpan
without quitting the current session. It should be a seamless upgrade
while we are running...
Going to read /root/.cpan/sources/modules/03modlist.data.gz
Could not pipe[/bin/gzip --decompress --stdout /root/.cpan/sources/modules/03modlist.data.gz |]: Cannot allocate memory at /usr/lib/perl5/5.8.8/CPAN.pm line 5726.
# cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt
6050: kmemsize 2383965 4269136 2147483646 2147483646 0
lockedpages 0 0 99 99 0
privvmpages 6418 26175 25600 25600 38
shmpages 685 1981 25600 25600 0
dummy 0 0 0 0 0
numproc 22 38 99 99 0
physpages 3147 22279 0 2147483647 0
vmguarpages 0 0 25600 2147483647 0
oomguarpages 3147 22279 25600 2147483647 0
numtcpsock 5 42 792 792 0
numflock 3 9 99 99 0
numpty 1 3 50 50 0
numsiginfo 0 3 99 99 0
tcpsndbuf 55900 411424 20971520 24215552 0
tcprcvbuf 81920 4136784 20971520 24215552 0
othersockbuf 2236 11744 20971520 24215552 0
dgramrcvbuf 0 8380 20971520 24215552 0
numothersock 9 20 792 792 0
dcachesize 113634 194947 912384 912384 0
numfile 495 856 2376 2376 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
numiptent 14 14 99 99 0
Not even getting started on the problems I'm having trying to mount /tmp as a noexec,nosuid partition
View 13 Replies
View Related
Apr 19, 2009
How can pervent users ro run scripts start with #!/usr/bin/perl in anywhere.
Its a big security issue for run shell.
View 13 Replies
View Related
Nov 26, 2008
I would like to dissable from executing perl scripts on user accounts.
For example,now user can upload perl script for example with name script.pl:
Code:
#!/usr/bin/perl -w
print "Hello World!";
I would like to block it via mod_security - I don't want to allow running perl scripts with .pl extension at all. Is it possible for Apache 1.x?
View 1 Replies
View Related
Nov 12, 2008
On Cpanel/WHM. I have just moved from a VPS to a dedicated server. I reinstalled munin, so get some stats via that. I used to have apachetop loaded on my VPS for when I wanted a 'near realtime' streaming view of apache access.
I'm wondering what the best solution is to get a good view of apache, like what apachetop did, plus also it would be nice to have a real-time monitor of MySQL activity, HDD activity (such as I/O queues, etc. Something along the lines of the perfmon on Windows servers.
What is my best option?
Also, with Nagios, when I look at the website, it seems there are two options. Load it on a single server and then load the stats via [url]or have the Nagios 'stat collector' on one machine, and have it gathering stats from multiple machines.
If you only install it on a single dedicated server, do you really have to be on the console and connect to the Nagios stats via localhost, rather than connecting remotely?
Ideally, I would like a quick, easy to setup solution, but if it takes some configuring, I can deal with it, as long as there is some documentation. My main goal is to get the real time type monitoring, you get with window's perfmon.
View 11 Replies
View Related
Nov 19, 2008
I have a VPS with 512 MB ram. I have 6 sites hosted on my VPS, of which 3 contains only static pages. My site is not very traffic heavy. Infact I moved to my VPS only 3 months back, until then it was running on a shared server with no problem.
But still, I am always running out of RAM. I have upgraded my account to 512 MB ram from 256MB because of this. Can anyone please tell me how I can find out what is the cause of this excessive memory usage? On rebooting my server, the RAM usage goes down to about 250MB.
View 10 Replies
View Related
Oct 21, 2009
i have a vps and its quite a new one since i just ordered it and transfered everything from my previous..
But im getting really high cpu useage and im wanting to know whats best ways to optimize this...
View 11 Replies
View Related
May 22, 2008
I know about high CPU usage and how it works against a webmaster when his host decides to suspend an account over this.
My question is what kinds of scripts usually cause CPU Usage to bulk up.
Basically what the script is doing, that just makes it happen.
I tried Google, but i guess poor choice of keywords .
View 4 Replies
View Related
Feb 14, 2007
I have server with P4 ( 2.4ghz) 2gb ram with cpanel and centos.
When I get more than 300 users online on my forum. Server load remains under 2 but Ram usage get's high upto 90% every 10 to 3 minutes. I have to restart apache in order to keep it down.
Currenty shows 67% ram usage in WHM and here is:
Code:
root@s1 [~]# free -m
total used free shared buffers cached
Mem: 2018 1645 372 0 15 293
-/+ buffers/cache: 1336 681
Swap: 1992 92 1899
View 9 Replies
View Related
Dec 7, 2008
I have read that running httpd under user nobody is not safe at all so I installed mod_suhosin and suphp but still the httpd is running under user nobody.
Could anyone suggest me how to check if they are installed good and are they working? I don't know why is this happening
View 7 Replies
View Related
Mar 28, 2009
Am using Hypervm,my all vms are not using more than 512 MB memory but when i click on server as localhost the there is show maximum memory usage I have total 8 GB it always show 5-6 GB usage and never drop down, How can I fix this matters?
View 7 Replies
View Related
Jan 20, 2008
i have a quad core Intel XEON 5130 @ 1.60GHz . with 6giga now of memory . i have about 300 account in it . CENTOS Enterprise 4.6 installed .
the probleme is that the memory server it used in totaly . after i was just 2Gb of ram , but sometimes the server lod arrive at 50% . for that i have added more memory (4Gb) , when i added it the memroy usage is always about 4giga sometimes about 3980Mb . the load is normal , but sometimes the server loas arrive at 50% or 60% (this is just in specific times) . after i have decided to add 2 Gb more , now is 6gb in the server . but also all the 6giag of ram is used , the load is normal but memory is all used , look to the top command
top - 02:55:26 up 1 day, 4:31, 1 user, load average: 0.25, 0.30, 0.45
Tasks: 157 total, 2 running, 154 sleeping, 0 stopped, 1 zombie
Cpu(s): 6.5% us, 1.3% sy, 0.0% ni, 92.1% id, 0.1% wa, 0.0% hi, 0.0% si
Mem: 6229508k total, 5995668k used, 233840k free, 213712k buffers
Swap: 4192824k total, 224k used, 4192600k free, 4353968k cached
PID USER PR NI %CPU TIME+ %MEM VIRT RES SHR S COMMAND ....
View 4 Replies
View Related
Oct 11, 2009
I have a Drupal site with around 1000 visitors/day on a basic VPS. (HyperVM with lxadmin) Burstable RAM is 384MB and my site reachs it.
is this normal for a site like this?
anything that I can do to decrease the memory usage?
View 14 Replies
View Related
Mar 18, 2008
My server details
Intel 2.4 Ghz P4 Celeron
os-redhat
RAM-2GB DDR
harddisk-160+50Gb
bandwith-3000Gb
now iam haveing more that 0.50-1.20 cpu useage,also cpu useage is also increased i hosted only 6 site out what only one site use MSQL all other site are plain download site,how to reduce the cpu load can u figure me out this issue also give me some tips to reduce the cpu usage
View 8 Replies
View Related
May 31, 2008
I noticed high cpu usage on my server since a couple of days ago. I neither updated software nor changed the configurations on the server. The server load was about 0.5 ~ 1.0 but now the average CPU load does not go below 5.0
when I stop apache (1.3) the load goes down and as soon as I start it up the load start increasing.
I checked for DoS but it seems nothing exists of this type.
I tried to follow the access_log file but from the first view nothing is strange there.
I don't have any control panel on the server. just Apache, FTP and SSH installed.
View 1 Replies
View Related
Jun 20, 2008
Since yesterday named started to use more cpu than usual. Techs "refuse" to work with that issue and saying that its's normal. Though all the time had no problems, haven't added hundreds of domains yesterday and there were no changes from my end.
There was one change from techs side however.
"the MX record for the domain was going to localhost, rather than the domain name. I have changed the MX record to domain..."
Anything I should check? Logs doesn't provide anything valuable, just notices.
View 8 Replies
View Related
Oct 17, 2007
I am running a youtube clone on a VPS with 512mb ram at Lunarpages.
Whenever I log into Plesk, I find that my system usage is extremely high. 90%++ even up to 100%. However my CPU usage is often less than 5%.
This problem often occurs when there is slightly more visitors on my site. I am talking about only 30++ visitors and this problem will occur and my site slows to a crawl and I have to restart the VPS.
The script or the server?
View 13 Replies
View Related
Feb 18, 2007
i have a problem with my server it is a Xeon with 2Gb ram, i have a igh swap usage and when it reach the size of 4gb that i have set it go in kernel panic, this is the actual value
top - 14:19:47 up 1 day, 23:07, 1 user, load average: 1.74, 1.93, 1.89
Tasks: 223 total, 5 running, 217 sleeping, 1 stopped, 0 zombie
Cpu(s): 39.8% us, 6.6% sy, 14.0% ni, 32.3% id, 7.3% wa, 0.0% hi, 0.0% si
Mem: 2074640k total, 1980804k used, 93836k free, 66200k buffers
Swap: 4192924k total, 1735588k used, 2457336k free, 365136k cached
total used free shared buffers cached
Mem: 2026 1877 148 0 61 306
-/+ buffers/cache: 1509 516
Swap: 4094 1699 2394
maybe i can work on KeepAlaive setting?
View 6 Replies
View Related
Jan 20, 2007
Quote:
total used free shared buffers cached
Mem: 1034060 1004864 29196 0 50756 340272
-/+ buffers/cache: 613836 420224
Swap: 1020088 373648 646440
Is there anything I can do to reduce the swap usage?
Running cpanel, Dual Xeon 3.0ghz with 1 gb ram
Quote:
root@****** [~]# uname -a
Linux ****** 2.6.9-42.0.3.EL.cernsmp #1 SMP Fri Oct 6 12:07:54 CEST 2006 i686 i686 i386 GNU/Linux
View 1 Replies
View Related
Jan 30, 2007
I need some help my CPU (Intel Core 2 Duo 1.7 Ghz) always gets high usage from mysql sometimes its using 95% cpu etc... How can I modify my.cnf to use less CPU and more ram since I have 3gb ram installed?
here is my.cnf
Code:
[mysqld]
back_log = 5
skip-innodb
max_connections = 400
key_buffer = 190M
myisam_sort_buffer_size = 156M
join_buffer_size = 4M
read_buffer_size = 4M
sort_buffer_size = 5M
table_cache = 1024
record_buffer = 1024
thread_concurrency = 2
long_query_time = 1
thread_cache = 1024
thread_cache_size = 992025
wait_timeout = 13
connect_timeout = 5
tmp_table_size = 64M
max_heap_table_size = 16M
max_allowed_packet = 16M
max_connect_errors = 500
read_rnd_buffer_size = 1024
bulk_insert_buffer_size = 32M
query_cache_limit = 1M
query_cache_size = 64M
query_cache_type = 1
query_prealloc_size = 163840
query_alloc_block_size = 32768
low_priority_updates=1
default-storage-engine = MyISAM
[mysqld_safe]
nice = -2
open_files_limit = 4096
[mysqldump]
quick
max_allowed_packet = 16M
[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 32M
write_buffer = 32M
View 1 Replies
View Related
Aug 30, 2007
I purchased a VPS at wiredtree to upload a site that is in the works so that it would be "ready" once it was launched (had it sitting on a shared server before). So I have this domain on there, as well as a small wordpress blog. In total I'm get a very miniscule trickle of visitors to these websites (as they are not officially launched), around 100 visits per day, many of which are only 1 pageview visits.
My problem is, my server is already idling over its memory limit of 256mb. This is causing major slowdowns, and processes like cpanel are constantly be killed and I can't login.
Does anyone have any idea what is causing my high memory usage? I just can't image that the visitors I am getting are doing much, as for the majority of the day I have absolutely no one viewing my domains, yet my memory usage is still over the limit.
Wiredtree support says its up to me to optimize my msql/php scripts etc for low mem usage, but I don't see how this will help when there is no one using them in the first place.
View 5 Replies
View Related
