High Httpd actvity crashing server

Support for security such as Firewalls and securing linux
Post Reply
Paul_DY
Posts: 1
Joined: 2014/05/17 14:50:26

High Httpd actvity crashing server

Post by Paul_DY » 2014/05/17 15:40:09

Hope this is the right place to post this question.

Our server is running; Plesk 11.0.9 and CentOS 5.7 it has a Q8200 CPU @ 2.33GHz and 2GB of RAM. Now there are just two websites on the server plus a couple of redirects/forwarding domains, although lots of domains are still on the server but turned off in Plesk. Both websites are OSCommerce sites and I just need to keep these sites going until the end of the year when we will switch to our new Joomla based website.

Sadly our web designer who was the guy who last maintained the server, passed away at the beginning of the year and I have had to step in and from knowing nothing about LINUX servers have been frantically learning as much as I could but now I seem to have reached the end of my abilities !!

We have seen an increasing number of server crashes and after various checks of the logs, fitting a new BIOS battery, check of the hardware by EasySpace who host the server, installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software), I have traced it down to some external Http activity that is taking all of my CPU time and RAM. Here is a screen capture of the Htop listing and when I killed these processes the CPU and RAM went back to normal. The problem is that I usually have to restart the HTTPD service and sometimes things get so bad that the server crashes and I have to request a power cycle.

Frankly it is driving me crazy and I just do not know what to do next - any ideas ?
Attachments
High Httpd Activity.png
High Httpd Activity.png (69 KiB) Viewed 4075 times

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: High Httpd actvity crashing server

Post by gerald_clark » 2014/05/17 16:25:42

You are running Plesk now, not CentOS, and you are way out of date on security fixes.
You will need to go to Plesk for support.

unspawn
Posts: 172
Joined: 2006/12/11 12:28:52

Re: High Httpd actvity crashing server

Post by unspawn » 2014/05/24 10:50:29

Paul_DY wrote:We have seen an increasing number of server crashes and after various checks of the logs, (..) installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software),
It would have been helpful if you actually posted what it found.

Paul_DY wrote:I have traced it down to some external Http activity that is taking all of my CPU time and RAM. Here is a screen capture of the Htop listing and (..)
Note that restarting services or servers without first listing volatile data ('lsof -Pwln; netstat -an;last -wai', that kind of stuff) you may free resources but that's just combating symptoms and not addressing the cause. Looking at the screen shot the previous poster could have told you that you seem to be running a Bitcoin miner out of /tmp, called "rus3"...

Post Reply

Return to “CentOS 5 - Security Support”