dropby23

Well-Known Member
Jan 16, 2005
155
0
166
this is one of my vds and one of a site in this vds is http flooded in evening after that apache was restarted by service monitor everything is working fine apache,cppop,exim,ftpd but in the service status they are all red i think checkserver is not working hoe can i fix it

running processes in my server
19236 root 0 1.9 0.0 /usr/local/apache/bin/httpd -DSSL
5312 root 0 1.3 0.0 3 top -n 2 -b -
5521 erkan 0 1.3 0.0 cpaneld - serving 81.213.72.105
29602 mysiz 0 0.9 0.0 ./sc_serv
32607 root 0 0.9 0.0 cpsrvd - waiting for connections
6368 erkan 0 0.9 0.0 cpaneld - serving 81.213.72.105
6464 erkan 0 0.9 0.0 cpaneld - serving 81.213.72.105
6816 erkan 0 0.9 0.0 cpaneld - serving 81.213.72.105
29540 domainyo 0 0.7 0.0 ./sc_serv sc_serv.conf
6272 erkan 0 0.7 0.0 cpaneld - serving 81.213.72.105
6306 erkan 0 0.7 0.0 cpaneld - serving 81.213.72.105
6432 erkan 0 0.7 0.0 cpaneld - serving 81.213.72.105
6592 erkan 0 0.7 0.0 cpaneld - serving 81.213.72.105
6400 erkan 0 0.5 0.0 cpaneld - serving 81.213.72.105
6882 root 0 0.5 0.0 whostmgrd - serving 81.215.24.51
6336 erkan 0 0.3 0.0 cpaneld - serving 81.213.72.105
1 root 0 0.1 0.0 init
9555 root 0 0.0 0.0 syslogd -m 0
10616 named 0 0.0 0.0 /usr/sbin/named -u named
10851 root 0 0.0 0.0 xinetd -stayalive -pidfile /var/run/xinetd.pid
16528 root 0 0.0 0.0 crond
16639 root 0 0.0 0.0 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/2640.fdcservers.net.pid
16907 mysql 0 0.0 0.1 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/2640.fdcservers.net.pid --skip-locking
23574 root 0 0.0 0.0 /usr/sbin/portsentry -tcp
25376 sd537 0 0.0 0.0 /home/sd537/Unreal3.2/src/ircd
29728 sd537 0 0.0 0.0 ./ircservices
23490 mysiz 0 0.0 0.0 /home/mysiz/Unreal3.2/src/ircd
4648 mysiz 0 0.0 0.0 ./proxy
29249 mysiz 0 0.0 0.0 ./ircservices
4768 sohbetce 0 0.0 0.0 /home/sohbetce/Unreal3.2/src/ircd
26246 sohbetce 0 0.0 0.0 ./services
27493 cimci 0 0.0 0.0 /home/cimci/Unreal3.2/src/ircd
28960 cimci 0 0.0 0.0 ./ircservices
4641 cimci 0 0.0 0.0 ./eggdrop -m oyun.conf
8064 cimci 0 0.0 0.0 ./eggdrop -m koruma.conf
21463 cimci 0 0.0 0.0 ./proxy
5834 mailnull 0 0.0 0.0 /usr/bin/perl /usr/local/cpanel/bin/eximstats
5847 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl -s start
5856 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
5888 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
5920 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
5952 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
6016 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
6048 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
6144 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
6208 mailman 0 0.0 0.0 /usr/bin/python2 /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
395 cpanel 0 0.0 0.0 /usr/bin/stunnel-4.04local /usr/local/cpanel/etc/stunnel/default/stunnel.conf
19936 ejder 0 0.0 0.0 ./eggdrop -m koruma.conf
18944 root 0 0.0 0.0 cppop - accepting on port 110
8416 root 0 0.0 0.0 /usr/sbin/clamd
8609 mailnull 0 0.0 0.0 /usr/sbin/exim -bd -q60m
8768 mailnull 0 0.0 0.0 /usr/sbin/exim -tls-on-connect -bd -oX 465
14055 root 0 0.0 0.2 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid --max-children=5
14234 root 0 0.0 0.0 antirelayd
16833 root 0 0.0 0.2 spamd child
16965 root 0 0.0 0.2 spamd child
16993 root 0 0.0 0.2 spamd child
17121 root 0 0.0 0.2 spamd child
17152 root 0 0.0 0.2 spamd child
17633 root 0 0.0 0.0 pure-ftpd (SERVER)
17729 root 0 0.0 0.0 /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth
14625 ejder 0 0.0 0.0 /home/ejder/Unreal3.2/src/ircd
2932 ejder 0 0.0 0.0 ./proxy
3696 ejder 0 0.0 0.0 ./ircservices
19319 erkan 0 0.0 0.0 pure-ftpd (IDLE)
6753 sezgin 0 0.0 0.0 pure-ftpd (IDLE)
23329 root 0 0.0 0.0 /usr/bin/perl /usr/local/cpanel/bin/leechprotect
28926 root 0 0.0 0.0 sshd -i
420 tanta 0 0.0 0.0 -bash
5337 tanta 0 0.0 0.0 /home/tanta/Unreal3.2/src/ircd
4230 sohbetce 0 0.0 0.0 ./proxy
29151 sd537 0 0.0 0.0 pure-ftpd (IDLE)
5376 tanta 0 0.0 0.0 pure-ftpd (IDLE)
31489 tanta 0 0.0 0.0 ./ircservices
27073 ftp 0 0.0 0.0 pure-ftpd (IDLE)
17666 sohbetce 0 0.0 0.0 pure-ftpd (IDLE)
4416 root 0 0.0 0.0 whostmgrd - serving 81.215.24.51
5281 root 0 0.0 0.1 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./top
 

Attachments

R

Ramsy

Guest
usually takes some time for it to refresh ..
else you could restart cpanel with "service cpanel restart" ..
also find out what caused the crashed in /var/log/messages etc ...
 

dropby23

Well-Known Member
Jan 16, 2005
155
0
166
nothing unusual in logs
i restarted cpanel

[email protected] [/]# /etc/rc.d/init.d/cpanel restart
Stopping cPanel services: [ OK ]
Stopping pop3 services: [ OK ]
Stopping cPanel log services: [ OK ]
Stopping cPanel Chat services: [FAILED]
Stopping Melange Chat services: [FAILED]
Stopping InterChange services: [FAILED]
Stopping cPanel ssl services: [ OK ]

Stopping mailman services: Shutting down Mailman's master qrunner

Starting eximstats: [ OK ]
Starting cPanel services: [ OK ]
Starting cPanel Log services: [ OK ]
Starting pop3 services: [ OK ]
Starting cPanel Chat services:
Starting Melange Chat services:
Starting cPanel ssl services: [ OK ]
Starting mailman services: Starting Mailman's master qrunner.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
Your server is under serious attack and you need to clean up, secure your server and then you can get these services up and running.
 

bagel50

Member
Jun 1, 2005
11
0
151
Old thread, I know, but...

I've just had a strange occurence of cpsrvd failing after an update, managed to get it working again with # /usr/local/cpanel/cpsrvd after another # /scripts/upcp. Before I did so I tried # service cpanel restart. The output was exactly the same as dropby23's -
[email protected] [/]# /etc/rc.d/init.d/cpanel restart
Stopping cPanel services: [ OK ]
Stopping pop3 services: [ OK ]
Stopping cPanel log services: [ OK ]
Stopping cPanel Chat services: [FAILED]
Stopping Melange Chat services: [FAILED]
Stopping InterChange services: [FAILED]
Stopping cPanel ssl services: [ OK ]

Stopping mailman services: Shutting down Mailman's master qrunner

Starting eximstats: [ OK ]
Starting cPanel services: [ OK ]
Starting cPanel Log services: [ OK ]
Starting pop3 services: [ OK ]
Starting cPanel Chat services:
Starting Melange Chat services:
Starting cPanel ssl services: [ OK ]
Starting mailman services: Starting Mailman's master qrunner.
and still shows the same if I run the command now.

What worries me is the completely unqualified:
AndyReed said:
Your server is under serious attack and you need to clean up, secure your server and then you can get these services up and running.
what is all that about? if I've got the same response from a cpanel restart, should I have anything to worry about?

Olly.