The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache and DNS crashes every 24 hours

Discussion in 'Bind / DNS / Nameserver Issues' started by chad101, Apr 15, 2007.

  1. chad101

    chad101 Active Member

    Joined:
    Jun 17, 2006
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I’m having some difficulties with the apache and dns server failing 2 or 3 times everyday @ the same time…give or take a few hours. An apache or dns restart (sometimes both) seems to fix the problem until next day. I’m not sure if this is due to a dos attack but, to be on the safe side I went ahead and changed the Timeout to 5 seconds in the httpd.conf file and turned the dos prevention on in APF. The apache/dns crashes still occur, this time every 2 or 3 days. So that problem is not fixed. Any ideas on what could now be causing apache and the dns server to crash every 2 or 3 days?

    Also, sense I made these configurations my traffic dropped from 5000+ uniques to under 2000 a day. Is this due to the 5 second Timeout change? Or is my firewall now blocking legitimate traffic?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Check the appropriate log files, /usr/local/apache/logs/error_log and /var/log/messages to see what error messages you get when they fall over. Do you have PRM installed? Is that killing off the processes - that's the most common cause that I've seen.
     
  3. chad101

    chad101 Active Member

    Joined:
    Jun 17, 2006
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Ok i found this in /var/log/messages. Looks like some porn site...which i do not host. What is this saying, I have thousends of these in the messages file

    Code:
    Apr 15 23:33:15 server1 sshd(pam_unix)[28537]: check pass; user unknown
    Apr 15 23:33:15 server1 sshd(pam_unix)[28537]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com 
    Apr 15 23:33:15 server1 sshd(pam_unix)[28540]: check pass; user unknown
    Apr 15 23:33:15 server1 sshd(pam_unix)[28540]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com 
    Apr 15 23:33:18 server1 sshd(pam_unix)[28542]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com  user=mailman
    Apr 15 23:33:18 server1 sshd(pam_unix)[28544]: check pass; user unknown
    Apr 15 23:33:18 server1 sshd(pam_unix)[28544]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com 
    Apr 15 23:33:19 server1 sshd(pam_unix)[28546]: check pass; user unknown
    Apr 15 23:33:19 server1 sshd(pam_unix)[28546]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com 
    Apr 15 23:33:19 server1 sshd(pam_unix)[28547]: check pass; user unknown
    Apr 15 23:33:19 server1 sshd(pam_unix)[28547]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com 
    Apr 15 23:33:19 server1 sshd(pam_unix)[28550]: check pass; user unknown
    Apr 15 23:33:19 server1 sshd(pam_unix)[28550]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=www.creamhouse.com 
     
  4. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    Same problem here

    Nov 23 19:14:25 server sshd(pam_unix)[29614]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a2.f5.5646.static.theplanet.com
    Nov 23 19:14:27 server sshd(pam_unix)[29618]: check pass; user unknown

    Nov 23 19:14:27 server sshd(pam_unix)[29618]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a2.f5.5646.static.theplanet.com

    Nov 23 19:24:59 server pure-ftpd: (comtek2@189.138.198.131) [INFO] Timeout (no operation for 1800 seconds)
    Nov 23 19:25:01 server pure-ftpd: (?@189.138.198.131) [INFO] New connection from 189.138.198.131
    Nov 23 19:25:01 server pure-ftpd: (?@189.138.198.131) [INFO] comtek2 is now logged in
    Nov 23 19:32:13 server pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Nov 23 19:32:13 server pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Nov 23 19:40:40 server pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Nov 23 19:40:40 server pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Nov 23 19:49:06 server pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Nov 23 19:49:06 server pure-ftpd: (?@127.0.0.1) [INFO] Logout.
     
Loading...

Share This Page