I have read that running httpd under user nobody is not safe at all so I installed mod_suhosin and suphp but still the httpd is running under user nobody.
Could anyone suggest me how to check if they are installed good and are they working? I don't know why is this happening
I am pretty sure that the following entries in the logs are not good and I would like to resolve this issue. I have been reading on Google for several hours straight looking for answers and have come up short.
[/var/log]# grep -i -C4 failed maillog | tail -18 Jul 29 10:12:29 bamboo spamd[31310]: spamd: setuid to root succeeded Jul 29 10:12:29 bamboo spamd[31310]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody Jul 29 10:12:29 bamboo spamd[31310]: spamd: processing message <GTUBE1.1010101@example.net> for root:99 Jul 29 10:12:29 bamboo spamd[31310]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.bamboo.site.com.31310 for /.spamassassin/auto-whitelist.lock: No such file or directory Jul 29 10:12:29 bamboo spamd[31310]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes. Jul 29 10:12:29 bamboo spamd[31310]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS ....
In My server i Can see lotz of /usr/local/apache/bin/httpd -k start -DSSL Process also some time it lead to crash of my server,is this caused to improper httpd.con file iam have 200-250 online users here i will give my apachi cofig file
top output from my server shows a this user was creating a lot of proccesses, even this process has been running for about 30 mins, how can I limit the time a process can stay alive? I suspect it was causing a high load on the server when started.
so here is a simple question that i just can't seem to figure out.. when i run the command top or ps -auxw.. they show the httpd processes as the command httpd or /usr/sbin/httpd, but how do i know what file that is? is there anyway to find out what file that is actually getting executed or served?
I had a strange error this morning, httpd was running fine but nothing was loading. All the other services worked fine but I checked the error log and couldn't find anything. I restarted httpd and it's running fine now.
Quote:
[Sat Feb 10 11:48:01 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Feb 10 11:48:01 2007] [notice] Accept mutex: sysvsem (Default: sysvsem) [Sat Feb 10 13:06:02 2007] [notice] caught SIGTERM, shutting down [Sat Feb 10 13:06:03 2007] [notice] Apache configured -- resuming normal operations [Sat Feb 10 13:06:03 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Feb 10 13:06:03 2007] [notice] Accept mutex: sysvsem (Default: sysvsem) [Sat Feb 10 20:42:26 2007] [notice] caught SIGTERM, shutting down [Sat Feb 10 20:42:28 2007] [notice] Apache configured -- resuming normal operations [Sat Feb 10 20:42:28 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Feb 10 20:42:28 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
Looks just like normal operations... I checked the access log and nothing looked out of the ordinary either.
Anyway the only suspicious thing I saw was the daily scan by spammers to see if I had anything exploitable.
Quote:
[Sat Feb 10 00:16:32 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/a1b2c3d4e5f6g7h8i9/nonexistentfile.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/adserver/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpAdsNew/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpadsnew/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpads/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/Ads/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/ads/adxmlrpc.php [Sat Feb 10 00:16:33 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/xmlrpc/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/xmlsrv/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blog/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/drupal/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/community/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blogs/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blogs/xmlsrv/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blog/xmlsrv/xmlrpc.php [Sat Feb 10 00:16:34 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/blogtest/xmlsrv/xmlrpc.php [Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/b2/xmlsrv/xmlrpc.php [Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/b2evo/xmlsrv/xmlrpc.php [Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/wordpress/xmlrpc.php [Sat Feb 10 00:16:35 2007] [error] [client 69.13.76.82] File does not exist: /var/www/html/phpgroupware/xmlrpc.php
I have nothing to be exploited so I'm thinking that wasn't the cause either.
I checked user_beancounters and there are also 0 fail counts.
I have a single mysql process that never stops and running with 10-200% CPU load: URL....
I restart mysql => process coming back I restart server => process coming back I kill process => process coming back
I have run: # mysqladmin -uadmin -p`cat /etc/psa/.psa.shadow` -i 1 processlist but there was noting that runs >10min.
Code: > SHOW FULL PROCESSLIST; +------+-------+-----------+------+---------+------+-------+-----------------------+ | Id | User | Host | db | Command | Time | State | Info | +------+-------+-----------+------+---------+------+-------+-----------------------+ | 328 | admin | localhost | psa | Sleep | 56 | | NULL | | 8110 | admin | localhost | NULL | Query | 0 | init | SHOW FULL PROCESSLIST | +------+-------+-----------+------+---------+------+-------+-----------------------+ 2 rows in set (0.00 sec) I have strace the PID
Code: # timeout 1m strace -f -c -p 5873 Process 5873 attached with 30 threads - interrupt to quit Process 10499 attached (waiting for parent) Process 10499 resumed (parent 5873 ready) Process 10502 attached (waiting for parent) Process 10502 resumed (parent 5873 ready) Process 10503 attached (waiting for parent)
[code]....
I found with google a hint for high cpu URL....I have deinstalled "health monitor" module, but that was not the reason.I use plesk 12.0.18 Update #38 with CentOS 6.6 (Final).
Code: [root@serwer /]# httpd restart /usr/sbin/httpd restart: httpd not running, trying to start /usr/sbin/httpd restart: httpd could not be started
Code: [root@serwer /]# httpd status Looking up localhost Making HTTP connection to localhost Alert!: Unable to connect to remote host. lynx: Can't access startfile [url]
Recently, there are a lot of "apache" processes hogging my Cpanel server with the default owner "nobody". How could I track the apache process back to which user is using it?
I can access FTP, SSH and httpd is showed as running when i check with 'httpd status'. Memory ram has half of them left(except that swap is 0,0).
I can't access my site via browser
Why tried restarting [root@web2 ~]# service httpd start Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs [FAILED] [root@web2 ~]#
We run httpd-2.2.3 on CentOS 5.8 with caching enable. The server has been running for 4 years, but htcacheclean has never been run. The cache folder is about 10GB now (a "du" on the folder takes a very long time to complete). Should we expect any problem when running htcacheclean for a first time such as server slowing or freezing, ... Furthermore, in case of freezing, if we disable caching and restart the server, do we expect any problems? We did a few test on our test servers, and everything was fine, but our test servers do not have a large cache folder.
Our web developer is logging in as root through SSH but log files do not show a record. We are getting the normal email notification but last & last -a does not show that they have logged in. Anyone seen this before?
I run a FreeBSD box as my file and webserver I use a DynDns domain name and run the little update program. But anyway when ever I use my lappy and when ever my lappy makes an outgoing connection a login prompt comes up asking to connect to my domain. It used to just say my public IP but I edited hosts.rc so now it says my domain on the prompt.
Is this somthing to do with samba or apache on BSD or is windows detecting that I host my own or what.
When I deleted a database, the user apparently was orphaned because when I tried to recreate it, it returned "user already exists". I've never encountered that problem although from Googling, I see others have and they delete the user to get around it.
When I log into mysql using the da_admin@ account and attempt to remove the user with drop user <user_name>; I receive the following error message:
ERROR 1227 (42000): Access denied; you need the CREATE USER privilege for this operation
It seems I don't have rights even as the root user. How can I get remove the orphaned user?
i can not login to my decated server by using root. the password is not correct.. becasue i did something wrong with my server. i used chmod 777 -R /public_hmtl and chown to modify my server. and i can not login anymore, LT asked me to reload my server, do i need to reload it?
