Community Forums
Connect with us on LinkedIn
CSF Firewall giving lfd sql error?
  
+ Reply to Thread
Results 1 to 3 of 3
  1. 06-22-2009 04:14 PM #1
    Chriz1977
    Chriz1977 is offline
    Member Chriz1977's Avatar
    Join Date
    Sep 2006
    Posts
    191

    Default CSF Firewall giving lfd sql error?

    Hi

    I run ConfigServer Firewall on my server and seem to have had a lot of ldf warnings about sql in the past few days. The message is this :

    Time: Mon Jun 22 21:04:32 2009 +0100
    PID: 18547
    Account: mysql
    Uptime: 154022 seconds


    Executable:

    /usr/sbin/mysqld\004a3d8a13\00\90\a3k\n\00\00\00 (deleted)

    The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.


    Command Line (often faked in exploits):

    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.xxx.com.pid --skip-external-locking


    Network connections by the process (if any):

    tcp: 0.0.0.0:3306 -> 0.0.0.0:0


    Files open by the process (if any):

    /dev/null
    /var/lib/mysql/server.xxx.com.err
    /var/lib/mysql/server.xxx.com.err
    /var/lib/mysql/ibdata1
    /tmp/ibHPIa1D (deleted)
    /tmp/ibGPGFLX (deleted)
    /tmp/ibdtabwh (deleted)
    /tmp/ibL740gB (deleted)
    /var/lib/mysql/ib_logfile0
    /var/lib/mysql/ib_logfile1
    /tmp/ib8TxB3U (deleted)
    /var/lib/mysql/eximstats/smtp.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_components.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_banned.MYI
    /var/lib/mysql/gathera_wrdp1/wp_term_relationships.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_banner.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_session.MYI
    /var/lib/mysql/gathera_wrdp1/wp_postmeta.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_banned.MYD
    /var/lib/mysql/eximstats/smtp.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_groups.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_session.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_groups.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_menu.MYD
    /var/lib/mysql/palzyco_mail/sm_solo.MYI
    /var/lib/mysql/palzyco_mail/sm_solo.MYD
    /var/lib/mysql/palzyco_mail/sm_domains.MYI
    /var/lib/mysql/palzyco_mail/sm_domains.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_menu.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_categories.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_postmeta.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_sessions.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_parameters.MYI
    /var/lib/mysql/artshop_ebay/categories.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_components.MYD
    /var/lib/mysql/gathera_wrdp1/wp_postmeta.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_users.MYI
    /var/lib/mysql/gathera_wrdp1/wp_comments.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_parameters.MYD
    /var/lib/mysql/watchavi_home/userlog.MYI
    /var/lib/mysql/gathera_wrdp2/wp_term_relationships.MYI
    /var/lib/mysql/bosshos_whmcs/tblannouncements.MYI
    /var/lib/mysql/gathera_wrdp1/wp_users.MYI
    /var/lib/mysql/gathera_wrdp2/wp_usermeta.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_modules.MYI
    /var/lib/mysql/gathera_wrdp1/wp_posts.MYI
    /var/lib/mysql/artshop_ebay/categories.MYD
    /var/lib/mysql/gathera_wrdp2/wp_term_relationships.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_options.MYI
    /var/lib/mysql/gathera_wrdp1/wp_users.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_content.MYI
    /var/lib/mysql/gathera_wrdp1/wp_usermeta.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_modules.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_users.MYD
    /var/lib/mysql/watchavi_home/online_users.MYI
    /var/lib/mysql/gathera_wrdp2/wp_comments.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_templates_menu.MYI
    /var/lib/mysql/gathera_wrdp1/wp_options.MYI
    /var/lib/mysql/bosshos_whmcs/tblannouncements.MYD
    /var/lib/mysql/gathera_wrdp2/wp_users.MYI
    /var/lib/mysql/watchavi_home/online_users.MYD
    /var/lib/mysql/gathera_wrdp1/wp_posts.MYD
    /var/lib/mysql/watchavi_home/siteconfig.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_usermeta.MYI
    /var/lib/mysql/gathera_wrdp2/wp_terms.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_modules_menu.MYI
    /var/lib/mysql/gathera_wrdp1/wp_usermeta.MYD
    /var/lib/mysql/watchavi_home/banners.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_sections.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_categories.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_versions.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_stats_agents.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_sections.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_modules_menu.MYD
    /var/lib/mysql/watchavi_home/banners.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_sessions.MYD
    /var/lib/mysql/gathera_wrdp2/wp_options.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_postmeta.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_posts.MYI
    /var/lib/mysql/gathera_wrdp1/wp_terms.MYI
    /var/lib/mysql/watchavi_home/banned.MYI
    /var/lib/mysql/webeses_razas/general.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_components.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_menu.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_posts.MYD
    /var/lib/mysql/webeses_razas/general.MYD
    /var/lib/mysql/gathera_wrdp1/wp_term_relationships.MYD
    /var/lib/mysql/eximstats/sends.MYI
    /var/lib/mysql/gathera_wrdp2/wp_options.MYD
    /var/lib/mysql/gathera_wrdp2/wp_terms.MYD
    /var/lib/mysql/artshop_ebay/ads.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_content_frontpage.MYI
    /var/lib/mysql/gathera_wrdp1/wp_comments.MYD
    /var/lib/mysql/gathera_wrdp2/wp_users.MYD
    /var/lib/mysql/gathera_wrdp2/wp_usermeta.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_site_info.MYI
    /var/lib/mysql/myukhost_coin1/phpcoin_site_info.MYD
    /var/lib/mysql/watchavi_home/userlog.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_term_relationships.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_term_relationships.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_banner.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_templates_menu.MYD
    /var/lib/mysql/gathera_wrdp1/wp_options.MYD
    /var/lib/mysql/gathera_wrdp2/wp_term_taxonomy.MYI
    /var/lib/mysql/gathera_wrdp2/wp_posts.MYI
    /var/lib/mysql/artshop_ebay/options.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_mambots.MYI
    /var/lib/mysql/gathera_wrdp2/wp_postmeta.MYI
    /var/lib/mysql/watchavi_home/banned.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_usermeta.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_stats_agents.MYD
    /var/lib/mysql/gathera_wrdp2/wp_term_taxonomy.MYD
    /var/lib/mysql/gathera_wrdp1/wp_terms.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_menu_blocks.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_term_taxonomy.MYI
    /var/lib/mysql/eurosky_euroskytv/jos_content.MYD
    /var/lib/mysql/eximstats/sends.MYD
    /var/lib/mysql/artshop_ebay/options.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_menu_blocks.MYD
    /var/lib/mysql/gathera_wrdp1/wp_term_taxonomy.MYI
    /var/lib/mysql/gathera_wrdp2/wp_postmeta.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_users.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_users.MYD
    /var/lib/mysql/gathera_wrdp1/wp_term_taxonomy.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_term_taxonomy.MYD
    /var/lib/mysql/gathera_wrdp2/wp_posts.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_options.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_versions.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_content_frontpage.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_menu_blocks_items.MYI
    /var/lib/mysql/artshop_ebay/ads.MYD
    /var/lib/mysql/mancunia_wrdp1/wp_terms.MYI
    /var/lib/mysql/mancunia_wrdp1/wp_terms.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_menu_blocks_items.MYD
    /var/lib/mysql/watchavi_home/siteconfig.MYD
    /var/lib/mysql/myukhost_coin1/phpcoin_components.MYD
    /var/lib/mysql/gathera_wrdp2/wp_comments.MYD
    /var/lib/mysql/eurosky_euroskytv/jos_mambots.MYD

    Has anyone seen this before or know what the problem is?

    Cheers
    Chriz
    When I was young I used to break Windows, Now Microsoft does it for me!
    Reply With Quote Reply With Quote
  2. 06-22-2009 05:54 PM #2
    Infopro
    Infopro is offline
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,893
    cPanel/Enkompass Access Level

    Root Administrator

    Lightbulb

    You'll find more reading (and help for CSF) over here:

    Process Tracking and csf.pignore - ConfigServer Scripts Forum
    Reply With Quote Reply With Quote
  3. 07-13-2009 12:25 AM #3
    brianoz
    brianoz is offline
    Member brianoz's Avatar
    Join Date
    Mar 2004
    Location
    Melbourne, Australia
    Posts
    1,117
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    Try restarting mysql and lfd; we've got that message in the past when mysql has been upgraded on disk but the old copy is still in memory.
    Reply With Quote Reply With Quote
«   Failed to remote Cpanel mysql | Is Cpanel is an enterprise solution »     
Similar Threads & Tags
Similar threads

  1. CSf Firewall: Edit csf.deny, the IP address deny file (Currently:1000 permanent IP b
    By crazyaboutlinux in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 12-09-2010, 06:23 AM
  2. CSF Firewall giving lfd sql error?
    By Chriz1977 in forum cPanel and WHM Discussions
    Replies: 2
    Last Post: 07-13-2009, 12:25 AM
  3. csf/lfd firewall
    By Blaze_SCN in forum cPanel and WHM Discussions
    Replies: 6
    Last Post: 06-25-2008, 11:35 AM
  4. CSF/LFD -- lfd.log question
    By bmcpanel in forum cPanel and WHM Discussions
    Replies: 3
    Last Post: 08-26-2007, 11:40 PM
  5. csf / lfd
    By chmod root in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 11-17-2006, 09:37 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube