Problem 100% CPU ispconfig_httpd -DSSL

Discussion in 'Installation/Configuration' started by Captain, Feb 17, 2010.

  1. Captain

    Captain Member

    Hello!
    Have this problem server CPU usage 100%
    user admispconfig
    command: /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL

    What it can be?

    For what this process is needed?

    Big thnks!
     
    Last edited: Feb 17, 2010
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This s sthe ispconfig interface, but I've never seen that it used that much cpu. Please check your server with rkhunter and chkrootkit.
     
  3. Captain

    Captain Member

    After checking:
    Code:
    Checking `bindshell'... INFECTED (PORTS:  1524 6667 31337)
    
    Nmap in local area
    Code:
    Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:40 EET
    Illegal netmask value (1524), must be /1 - /32 .  Assuming /32 (one host)
    Interesting ports on srv.domai.com (192.168.123.111):
    Not shown: 1681 closed ports
    PORT      STATE SERVICE
    1/tcp     open  tcpmux
    11/tcp    open  systat
    15/tcp    open  netstat
    21/tcp    open  ftp
    22/tcp    open  ssh
    25/tcp    open  smtp
    53/tcp    open  domain
    79/tcp    open  finger
    80/tcp    open  http
    81/tcp    open  hosts2-ns
    110/tcp   open  pop3
    111/tcp   open  rpcbind
    119/tcp   open  nntp
    143/tcp   open  imap
    443/tcp   open  https
    540/tcp   open  uucp
    635/tcp   open  unknown
    993/tcp   open  imaps
    995/tcp   open  pop3s
    1080/tcp  open  socks
    1524/tcp  open  ingreslock
    2000/tcp  open  callbook
    3306/tcp  open  mysql
    6667/tcp  open  irc
    10000/tcp open  snet-sensor-mgmt
    12345/tcp open  netbus
    12346/tcp open  netbus
    27665/tcp open  Trinoo_Master
    31337/tcp open  Elite
    32771/tcp open  sometimes-rpc5
    32772/tcp open  sometimes-rpc7
    32773/tcp open  sometimes-rpc9
    32774/tcp open  sometimes-rpc11
    54320/tcp open  bo2k
    
    Nmap from internet:
    Code:
    Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:41 EET
    Interesting ports on mail.domain.com (154.136.112.156):
    Not shown: 1707 filtered ports
    PORT    STATE SERVICE
    21/tcp  open  ftp
    22/tcp  open  ssh
    25/tcp  open  smtp
    53/tcp  open  domain
    80/tcp  open  http
    110/tcp open  pop3
    143/tcp open  imap
    443/tcp open  https
    
    It is ok?

    Thank you!
     
  4. Captain

    Captain Member

    Still have this problem.
    100% CPU usage
    Help only ispconfig_server restart!

    Please help!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you had a old phpmyadmin version installed, there had been a few hacked servers trough this some months ago. This allowed the hackers to run some scripts on the ispconfig httpd server as phpmyadmin runs on the same httpd.

    To fix this, I recommend that you do this:

    1) stop ispconfig:

    /etc/init.d/ispconfig_server stop

    2) Move the ispconfig folder to another place:

    mv /home/admispconfig/ispconfig /home/admispconfig/ispconfig_old

    3) copy back the ispconfig config file:

    mkdir -p /home/admispconfig/ispconfig/lib
    cp -prf /home/admispconfig/ispconfig_old/lib/config.inc.php /home/admispconfig/ispconfig/lib/config.inc.php

    4) Download the latest ISPConfig 2 release (2.2.35), unpack it and run the setup script. This will update ispconfig and recreate the contents in /home/admispconfig/ispconfig
     
  6. Captain

    Captain Member

    Thank you!

    I will try this.
    But now I have 2.2.35 version.
    After reinstall I feedback you.

    Big thnks!
     
  7. Captain

    Captain Member

    Now all work great!
    Big thnks Till!
     
  8. Captain

    Captain Member

    Hi Till!

    I still have this problem, please help!

    I am update Ubuntu from 8.10 to 9.10

    And after some days i see this BIG CPU load.

    this is print screem from my htop:

    [​IMG]
     
    Last edited: Mar 9, 2010

Share This Page