Why User Root Is Running Process Httpd All Time
Jul 2, 2009
I usually use the "top" command to see what is happening in my server ... Normally everything is OK untill one week ago I start so see this process:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1115 root 20 0 10768 10m 164 R 26 0.5 46:17.27 httpd
Is the number 1 on the top list using a lot of CPU and MEM (as I say before ... I never have seen this command in the past)
So when I kill the process everything goes fine but only for a few minutes and then is comming back
View 14 Replies
ADVERTISEMENT
Dec 7, 2008
I have read that running httpd under user nobody is not safe at all so I installed mod_suhosin and suphp but still the httpd is running under user nobody.
Could anyone suggest me how to check if they are installed good and are they working? I don't know why is this happening
View 7 Replies
View Related
Jul 29, 2009
I am pretty sure that the following entries in the logs are not good and I would like to resolve this issue. I have been reading on Google for several hours straight looking for answers and have come up short.
[/var/log]# grep -i -C4 failed maillog | tail -18
Jul 29 10:12:29 bamboo spamd[31310]: spamd: setuid to root succeeded
Jul 29 10:12:29 bamboo spamd[31310]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jul 29 10:12:29 bamboo spamd[31310]: spamd: processing message <GTUBE1.1010101@example.net> for root:99
Jul 29 10:12:29 bamboo spamd[31310]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.bamboo.site.com.31310 for /.spamassassin/auto-whitelist.lock: No such file or directory
Jul 29 10:12:29 bamboo spamd[31310]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes.
Jul 29 10:12:29 bamboo spamd[31310]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS ....
View 7 Replies
View Related
Apr 16, 2008
In My server i Can see lotz of /usr/local/apache/bin/httpd -k start -DSSL Process also some time it lead to crash of my server,is this caused to improper httpd.con file iam have 200-250 online users here i will give my apachi cofig file
KeepAlive Off
MaxKeepAliveRequests 200
KeepAliveTimeout 15
StartServers 20
MinSpareServers 30
MaxSpareServers 40
MaxClients 600
MaxRequestsPerChild 250
in correct optimization for my apachi also my processer is dual xenon
View 14 Replies
View Related
Mar 15, 2007
I am having only 14 connections, but having many httpd processes.
root@server [~]# pidof httpd
1544 1498 1475 1239 835 686 684 572 570 535 478 32602 32601 32597 32544 32106 32 085 32082 30538 30536 29612 28981 28980 28978 28785 28778 28775 28759 28741 2843 4 28431 28428 28420 28394 28192 28116 27782 27694 27693 27692 27442 27399 27299 27288 27276 27262 27257 27252 27248 27146 27043 26970 26486 26385 26049 26023 25 703 25679 25621 24603 24602 24600 24526 22025 21963 21950 21915 21870 21858 2179 4 21697 21673 21525 21223 21211 21001 20784 20783 20780 20721 20713 20704 20696 20613 20605 20603 20179 19909 19718 19711 19530 19463 19462 19460 19456 19424 19 346 19283 19258 19232 19140 19123 19088 17926 17925 17924 17421 17420 17419 1505 4 15053 15052 14854 14676 14458 14457 14439 14343 14342 14340 14336 14267 14189 13899 13880 10021 10016 10014 10012 10011 10000 9999 9992 9991 9990 9989 9988 99 86 9979 9978 9977 9976 9973 9972 9970 9962 9961 9960 9959 9957 10293
root@server [~]# netstat -n | grep :80 | wc -l
14
View 8 Replies
View Related
Nov 27, 2008
I have a VPS and experienced frequest httpd crash errors. Here's the log I got from support:
Quote:
++++++++++++++++++++++++++++
# grep 6997 /var/log/messages|grep OOM | wc -l
2037
Nov 14 02:07:26 chi08 kernel: OOM killed process httpd (pid=19282, ve=6997) (mm=0e9e1780) exited, free=53673 gen=137193.
Nov 14 02:07:27 chi08 kernel: OOM killed process httpd (pid=19149, ve=6997) (mm=7bc4b440) exited, free=57305 gen=137194 ...........
++++++++++++++++++++++++++++
I have 512MB RAM
View 10 Replies
View Related
Feb 19, 2008
I am showing hundreds of running processes for:
/usr/local/apache/bin/httpd -DSSL
View 3 Replies
View Related
Apr 10, 2008
mysqq has a nice value of 6, is this fine? I read somewhere that it's better at a value of -5.
View 4 Replies
View Related
Nov 23, 2007
So ive installed a bit torrent client on a server for a corporate client to server an internal application they use.
When I run the following code, it starts to seed it fine, however as soon as I close the ssh session which started the seed, it stops seeding.
Ive tried adding an & to the end of the command, however the same thing happens.
Anyone got any ideas how I can get the following line to start as soon as the server boots, and keep running 24/7?
The command is;
btdownloadheadless.py --url [url]
View 7 Replies
View Related
Jan 16, 2008
top output from my server shows a this user was creating a lot of proccesses, even this process has been running for about 30 mins, how can I limit the time a process can stay alive? I suspect it was causing a high load on the server when started.
PID USER PR NI %CPU TIME+ %MEM VIRT RES SHR S COMMAND
5374 jvmcompa 30 10 0 0:30.01 0.3 16456 6740 3532 S php
15586 jvmcompa 30 10 0 0:00.02 0.3 16052 6380 3460 S php
8165 jvmcompa 30 10 0 0:00.02 0.3 15248 6372 3432 S php
15785 jvmcompa 30 10 0 0:00.02 0.3 15520 6368 3436 S php
15272 jvmcompa 30 10 0 0:00.02 0.3 16236 6348 3412 S php
15345 jvmcompa 30 10 0 0:00.02 0.3 17052 6316 3432 S php
15396 jvmcompa 30 10 0 0:00.02 0.3 16324 6312 3432 S php
15472 jvmcompa 30 10 0 0:00.02 0.3 15740 6312 3432 S php
15803 jvmcompa 30 10 0 0:00.02 0.3 15092 6312 3432 S php
8255 jvmcompa 30 10 0 0:00.02 0.3 16504 6304 3404 S php
8281 jvmcompa 30 10 0 0:00.02 0.3 15504 6304 3404 S php
15260 jvmcompa 30 10 0 0:00.02 0.3 15296 6304 3404 S php
8136 jvmcompa 30 10 0 0:00.02 0.3 16308 6280 3412 S php
8153 jvmcompa 30 10 0 0:00.02 0.3 16500 6280 3412 S php
8092 jvmcompa 30 10 0 0:00.02 0.3 15196 6276 3412 S php
8145 jvmcompa 30 10 0 0:00.02 0.3 15280 6264 3412 S php
32263 jvmcompa 25 10 0 0:00.10 0.1 9564 1204 776 S pure-ftpd
31773 jvmcompa 26 10 0 0:00.01 0.1 9448 1120 728 S pure-ftpd
14657 jvmcompa 25 10 0 0:00.00 0.0 8420 988 696 S pure-ftpd
View 3 Replies
View Related
Feb 5, 2008
so here is a simple question that i just can't seem to figure out.. when i run the command top or ps -auxw.. they show the httpd processes as the command httpd or /usr/sbin/httpd, but how do i know what file that is? is there anyway to find out what file that is actually getting executed or served?
View 2 Replies
View Related
Feb 10, 2007
I had a strange error this morning, httpd was running fine but nothing was loading. All the other services worked fine but I checked the error log and couldn't find anything. I restarted httpd and it's running fine now.
Quote:
[Sat Feb 10 11:48:01 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 10 11:48:01 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Sat Feb 10 13:06:02 2007] [notice] caught SIGTERM, shutting down
[Sat Feb 10 13:06:03 2007] [notice] Apache configured -- resuming normal operations
[Sat Feb 10 13:06:03 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 10 13:06:03 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Sat Feb 10 20:42:26 2007] [notice] caught SIGTERM, shutting down
[Sat Feb 10 20:42:28 2007] [notice] Apache configured -- resuming normal operations
[Sat Feb 10 20:42:28 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 10 20:42:28 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
Looks just like normal operations... I checked the access log and nothing looked out of the ordinary either.
Anyway the only suspicious thing I saw was the daily scan by spammers to see if I had anything exploitable.
Quote:
[Sat Feb 10 00:16:32 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/a1b2c3d4e5f6g7h8i9/nonexistentfile.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/adserver/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpAdsNew/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpadsnew/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpads/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/Ads/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/ads/adxmlrpc.php
[Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/xmlrpc/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/xmlsrv/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blog/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/drupal/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/community/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blogs/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blogs/xmlsrv/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blog/xmlsrv/xmlrpc.php
[Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blogtest/xmlsrv/xmlrpc.php
[Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/b2/xmlsrv/xmlrpc.php
[Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/b2evo/xmlsrv/xmlrpc.php
[Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/wordpress/xmlrpc.php
[Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpgroupware/xmlrpc.php
I have nothing to be exploited so I'm thinking that wasn't the cause either.
I checked user_beancounters and there are also 0 fail counts.
Quote:
Version: 2.5
uid resource held maxheld barrier limit failcnt
509: kmemsize 4679572 9150217 50000000 50000000 0
lockedpages 0 0 256 256 0
privvmpages 51822 84271 262140 524280 0
shmpages 10913 10929 21504 21504 0
dummy 0 0 0 0 0
numproc 52 91 400 400 0
physpages 14273 24587 0 2147483647 0
vmguarpages 0 0 131070 2147483647 0
oomguarpages 14912 33040 26112 2147483647 0
numtcpsock 16 146 360 360 0
numflock 1 6 188 206 0
numpty 2 2 16 16 0
numsiginfo 0 25 256 256 0
tcpsndbuf 154284 371176 1720320 2703360 0
tcprcvbuf 197308 539932 1720320 2703360 0
othersockbuf 13416 239892 1126080 2097152 0
dgramrcvbuf 0 2800 262144 262144 0
numothersock 13 27 360 360 0
dcachesize 0 0 2273280 2416640 0
numfile 1199 2022 5820 5820 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
numiptent 89 89 128 128 0
View 2 Replies
View Related
May 18, 2009
How can see wich vps used more server resource in openvz/hypervm.
View 3 Replies
View Related
Mar 23, 2015
I have a single mysql process that never stops and running with 10-200% CPU load: URL....
I restart mysql => process coming back
I restart server => process coming back
I kill process => process coming back
I have run:
# mysqladmin -uadmin -p`cat /etc/psa/.psa.shadow` -i 1 processlist
but there was noting that runs >10min.
Code:
> SHOW FULL PROCESSLIST;
+------+-------+-----------+------+---------+------+-------+-----------------------+
| Id | User | Host | db | Command | Time | State | Info |
+------+-------+-----------+------+---------+------+-------+-----------------------+
| 328 | admin | localhost | psa | Sleep | 56 | | NULL |
| 8110 | admin | localhost | NULL | Query | 0 | init | SHOW FULL PROCESSLIST |
+------+-------+-----------+------+---------+------+-------+-----------------------+
2 rows in set (0.00 sec)
I have strace the PID
Code:
# timeout 1m strace -f -c -p 5873
Process 5873 attached with 30 threads - interrupt to quit
Process 10499 attached (waiting for parent)
Process 10499 resumed (parent 5873 ready)
Process 10502 attached (waiting for parent)
Process 10502 resumed (parent 5873 ready)
Process 10503 attached (waiting for parent)
[code]....
I found with google a hint for high cpu URL....I have deinstalled "health monitor" module, but that was not the reason.I use plesk 12.0.18 Update #38 with CentOS 6.6 (Final).
View 2 Replies
View Related
Jul 22, 2007
Code:
[root@serwer /]# httpd restart
/usr/sbin/httpd restart: httpd not running, trying to start
/usr/sbin/httpd restart: httpd could not be started
Code:
[root@serwer /]# httpd status
Looking up localhost
Making HTTP connection to localhost
Alert!: Unable to connect to remote host.
lynx: Can't access startfile [url]
View 14 Replies
View Related
May 25, 2009
How can see wich user have more mysql process?
View 2 Replies
View Related
Nov 3, 2009
Recently, there are a lot of "apache" processes hogging my Cpanel server with the default owner "nobody". How could I track the apache process back to which user is using it?
View 8 Replies
View Related
Oct 22, 2009
I can access FTP, SSH and httpd is showed as running when i check with 'httpd status'. Memory ram has half of them left(except that swap is 0,0).
I can't access my site via browser
Why tried restarting
[root@web2 ~]# service httpd start
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
[root@web2 ~]#
View 11 Replies
View Related
Feb 20, 2007
the error log shows nothing out of the ordinary.. but its taking about 2-3 minutes to start.. which before it would take about 10 seconds.
load is fine on the machine, free mem is fine also.
View 2 Replies
View Related
Sep 1, 2007
I trying:
Code:
[root@serwer /]# httpd restart
/usr/sbin/httpd restart: httpd not running, trying to start
/usr/sbin/httpd restart: httpd could not be started
Code:
[root@serwer /]# /etc/rc.d/init.d/httpd configtest
Syntax OK
Help
View 7 Replies
View Related
Mar 29, 2015
We run httpd-2.2.3 on CentOS 5.8 with caching enable. The server has been running for 4 years, but htcacheclean has never been run. The cache folder is about 10GB now (a "du" on the folder takes a very long time to complete). Should we expect any problem when running htcacheclean for a first time such as server slowing or freezing, ... Furthermore, in case of freezing, if we disable caching and restart the server, do we expect any problems? We did a few test on our test servers, and everything was fine, but our test servers do not have a large cache folder.
View 7 Replies
View Related
May 14, 2015
I tried to setup a cronjob to run a php script. Something simple like this:
php /var/www/vhosts/onlinehome-server.info/mydomain.co.uk/script.php
didn't worked. So I used the terminal as root and I noticed that php is not running script not even as root.
not even commands like php -v works. I don't get any error back.
Plesk version 12.0
View 5 Replies
View Related
Jun 27, 2007
Our web developer is logging in as root through SSH but log files do not show a record. We are getting the normal email notification but last & last -a does not show that they have logged in. Anyone seen this before?
View 7 Replies
View Related
Apr 18, 2008
I run a FreeBSD box as my file and webserver I use a DynDns domain name and run the little update program. But anyway when ever I use my lappy and when ever my lappy makes an outgoing connection a login prompt comes up asking to connect to my domain. It used to just say my public IP but I edited hosts.rc so now it says my domain on the prompt.
Is this somthing to do with samba or apache on BSD or is windows detecting that I host my own or what.
View 1 Replies
View Related
Oct 25, 2007
When I deleted a database, the user apparently was orphaned because when I tried to recreate it, it returned "user already exists". I've never encountered that problem although from Googling, I see others have and they delete the user to get around it.
When I log into mysql using the da_admin@ account and attempt to remove the user with drop user <user_name>; I receive the following error message:
ERROR 1227 (42000): Access denied; you need the CREATE USER privilege for this operation
It seems I don't have rights even as the root user. How can I get remove the orphaned user?
View 8 Replies
View Related
Jun 8, 2007
I'm getting the error after running
[root@server ~]# mysqladmin processlist
Quote:
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
I'm running plesk on FC4.
Not too sure why it says failed or denied, as I'm root?
View 3 Replies
View Related
Aug 1, 2007
i can not login to my decated server by using root. the password is not correct.. becasue i did something wrong with my server. i used chmod 777 -R /public_hmtl and chown to modify my server. and i can not login anymore, LT asked me to reload my server, do i need to reload it?
View 6 Replies
View Related
Jun 27, 2014
Looking at a server with Plesk 12 installed there is no root user shown in tools & settings / scheduled tasks.
Login as root and crontab -l shows root has some tasks.
On a similar server with Plesk 11.5 installed can see root user shown in tools & settings / scheduled tasks.
View 1 Replies
View Related
