APACHE -- crashing a system

[BurtonHost]

Was running TOP and saw it happen - one process of apache uses all the processor and memory up, uses all the ram, all the swap, the load goes so high the server just crashes.. Can't find an explanation for this in the logs and I kept restarting apache and it would do it. Then, after a while it stopped and it's been fine since..

I'm told it was most probably the Apache exploit discovered but have to wait for a patch to be released by cPanel to update it..

Anyone else experienced this? Any solutions?

Thanks

 

[norm]

Find the PID of the process and compare it to server-status and see which website is responsible.

You may have a client running a resource intensive script

 

[shaun]

ps auxf sometimes helps. some times it will show you the scripts that is comsuming that apache process.

 

[BurtonHost]

Thing is you can't catch it in time.. as soon as the apache process goes wild you cna't issue any command without a major lag as all teh processors, ram and swap get eaten in a matter of seconds...

I've been recommended to format and reinstall..

 

[Mat]

Right after it happens, turn off apache, and then look at the access logs, and see the last scripts executed, and track it down that way.. :D

You don't need to format..

 

[BurtonHost]

Be careful of loops in PHP scripts.. they kill your server if you set it infinite.. and that's a guarantee..
The Apache memory limit is ineffective.

 

[moronhead]

[quote:b04cd2051d][i:b04cd2051d]Originally posted by BurtonHost[/i:b04cd2051d]

Be careful of loops in PHP scripts.. they kill your server if you set it infinite.. and that's a guarantee..[/quote:b04cd2051d]
BurtonHost, you're quite right on this. Do you know of any protection against this?

 

[BurtonHost]

Well, I thought Limit apache memory was meant to sort this, but the script as soon as it was run just kept on going, and ate up all the ram, swap and processor.. so nothing would work on the server.. and you couldn't login to SSH for ages until it eventually freed some processor.

I'm hoping there will be something produced for protection against this..

I can give you a copy of the script if you would like.. and you can see it kill your server.