Hi sorry for the vague topic header, but don't know how to describe this really and secondly i dont have much understanding of linux/debian. Running ISPconfig preconfigured & installed on an RPS I buy from OVH.CO.UK. When I visit my sites, it works fine, but if I play around in my ISPconfig admin panel, and change stuff, (e.g. add a new website), the server goes unresoonsive for quite a while, sometimes up to 20mins. My websites would bring up the ERROR 500 ISPconfig page. When I SSH into the server as root. I get a "new mail" from root. Stating: Code: Message 6: From [email protected] Wed Oct 14 05:16:59 2009 X-Original-To: [email protected] X-Virus-Scanned: Debian amavisd-new at r25884.ovh.net Subject: [rkhunter] r25884.ovh.net - Daily report To: [email protected] Date: Wed, 14 Oct 2009 05:16:38 +0200 (CEST) From: [email protected] (root) Warning: The file properties have changed: File: /usr/bin/perl Current hash: b272c18a5f493859ff57164a188875ed67ce0223 Stored hash : 713eaf1b9d1eb771b1c2de08ee36138f610f42cb Current inode: 99797 Stored inode: 96529 Current size: 1253828 Stored size: 1254016 Current file modification time: 1251499526 Stored file modification time : 1230815058 One or more warnings have been found while checking the system. Please check the log file (/var/log/rkhunter.log) Don't know if that means anything, but when I manual restart apache2 I get this problem: Code: r25884:~# /etc/init.d/apache2 restart Restarting web server: apache2[Wed Oct 14 21:18:24 2009] [warn] NameVirtualHost 87.98.167.113:443 has no VirtualHosts ... waiting ...[Wed Oct 14 21:18:29 2009] [warn] NameVirtualHost 87.98.167.113:443 has no VirtualHosts . My server has 2 IP's [94.23.63.157 & 87.98.167.113] Can anyone assist in fixing this or, tell me how to. Its quite irritating, since I would like to make use of my webspace. Thanks in advance.
First message is worrisome because it could be that something is installed on your system or uploaded through bad patched webapp. Was your server patched with the latest patches? When the server slows down, can you do type uptime to see the load, and later on ps aux to see if you have any unknown services running. Anything weird in apache, system logs? Seems like your server is injected with something.
Have you updated the server (not ISPConfig)? Updates to perl could also trigger the rkhunter message.
Regarding the 500 error. Please take a look at the apache error log file and post the error message that you find there. Additional question: is this a physical server or vserver?
rserver, real hardware, just the harddrive is on iSCSI. (RPS @ ovh.co.uk) i've updated the server, still the same problem. I SSH'ed, then I wget a big file like ubuntu distro. Speeds goes from 900 KBps to 0, for about 30 seconds. (during that time i cannot open any websites or anything), then it goes back up to normal download speed. This loops every couple of minutes. Regards,
Someone seems to try to access random filenames on your server, never seen that before. Please try to scan your server with rkunter.
