Hello! Have this problem server CPU usage 100% user admispconfig command: /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL What it can be? For what this process is needed? Big thnks!
This s sthe ispconfig interface, but I've never seen that it used that much cpu. Please check your server with rkhunter and chkrootkit.
After checking: Code: Checking `bindshell'... INFECTED (PORTS: 1524 6667 31337) Nmap in local area Code: Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:40 EET Illegal netmask value (1524), must be /1 - /32 . Assuming /32 (one host) Interesting ports on srv.domai.com (192.168.123.111): Not shown: 1681 closed ports PORT STATE SERVICE 1/tcp open tcpmux 11/tcp open systat 15/tcp open netstat 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 79/tcp open finger 80/tcp open http 81/tcp open hosts2-ns 110/tcp open pop3 111/tcp open rpcbind 119/tcp open nntp 143/tcp open imap 443/tcp open https 540/tcp open uucp 635/tcp open unknown 993/tcp open imaps 995/tcp open pop3s 1080/tcp open socks 1524/tcp open ingreslock 2000/tcp open callbook 3306/tcp open mysql 6667/tcp open irc 10000/tcp open snet-sensor-mgmt 12345/tcp open netbus 12346/tcp open netbus 27665/tcp open Trinoo_Master 31337/tcp open Elite 32771/tcp open sometimes-rpc5 32772/tcp open sometimes-rpc7 32773/tcp open sometimes-rpc9 32774/tcp open sometimes-rpc11 54320/tcp open bo2k Nmap from internet: Code: Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:41 EET Interesting ports on mail.domain.com (154.136.112.156): Not shown: 1707 filtered ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https It is ok? Thank you!
I guess you had a old phpmyadmin version installed, there had been a few hacked servers trough this some months ago. This allowed the hackers to run some scripts on the ispconfig httpd server as phpmyadmin runs on the same httpd. To fix this, I recommend that you do this: 1) stop ispconfig: /etc/init.d/ispconfig_server stop 2) Move the ispconfig folder to another place: mv /home/admispconfig/ispconfig /home/admispconfig/ispconfig_old 3) copy back the ispconfig config file: mkdir -p /home/admispconfig/ispconfig/lib cp -prf /home/admispconfig/ispconfig_old/lib/config.inc.php /home/admispconfig/ispconfig/lib/config.inc.php 4) Download the latest ISPConfig 2 release (2.2.35), unpack it and run the setup script. This will update ispconfig and recreate the contents in /home/admispconfig/ispconfig
Thank you! I will try this. But now I have 2.2.35 version. After reinstall I feedback you. Big thnks!
Hi Till! I still have this problem, please help! I am update Ubuntu from 8.10 to 9.10 And after some days i see this BIG CPU load. this is print screem from my htop: