cpsrvd on server failed. Takes down full machine

dalem

Well-Known Member
PartnerNOC
Oct 24, 2003
2,983
159
368
SLC
cPanel Access Level
DataCenter Provider
your will have to run all the commands again since you did not complete it the first time
and restart cpanel
 
Last edited:

Webjunkie

Active Member
PartnerNOC
May 1, 2003
42
0
156
I'm having this problem on a CentOS 3.8 32-bit machine. It started happening a few days ago. The machine had been solid up until that point and had an uptime of over 75 days. Now, each morning at between 4:00 AM - 6:00 AM, cpsrvd fails, and I can't access the machine by SSH. A manual reboot fixes it, but I'd rather not have to do that every day. Looking at the logs reveals nothing obvious. Where should I be looking?

Thanks.

EDIT: I should mention I know for certain it's not hardware related.
 
Last edited:
Jul 26, 2005
6
0
151
May be a stupid answer , but i will try to help

some days ago i saw the same problem. when i did a top in ssh i saw some [V6] process in the machine. i investigate and it was an exploit in the /tmp running a irc bot.
i deleted the folder and kill al the process , and the server run fine.

on the another day occurs the same thing. i must go to datacenter, reboot the machine access trough ssh and kill the process .

i secure the tmp folder, change the permissions, change the permissions of wget , curl and others. Solved for few hours.

i put the machine at "looking for crash mode" i put a Ssh session opened to check the server.
Suddently , i saw a strange url been executed in apache , eating some cpu .
when i run the .php file i discovered a c99shell script running in my machine.

Resuming

there was a BIG hole in Tufat Flashchat , and i knew about this, but how i was worried about Cpanel server i let the job to update Flashchat later.
i did a mistake and the attacker tried some other ways to exploit the machine.

now , the box is running smoothly...
i will continue to check....


May be this could help you, couldn't .

Pablo. Good luck