cpsrvd on server failed. Takes down full machine

Webjunkie

Active Member
PartnerNOC
May 1, 2003
I'm having this problem on a CentOS 3.8 32-bit machine. It started happening a few days ago. The machine had been solid up until that point and had an uptime of over 75 days. Now, each morning between 4:00 AM and 6:00 AM, cpsrvd fails, and I can't access the machine by SSH. A manual reboot fixes it, but I'd rather not have to do that every day. Looking at the logs reveals nothing obvious. Where should I be looking?

Thanks.

EDIT: I should mention I know for certain it's not hardware related.
Jul 26, 2005
Maybe a stupid answer, but I will try to help.

Some days ago I saw the same problem. When I ran top over SSH, I saw some [V6] processes on the machine. I investigated, and it was an exploit in /tmp running an IRC bot.
I deleted the folder and killed all the processes, and the server ran fine.

The next day the same thing occurred. I had to go to the datacenter, reboot the machine, access it through SSH and kill the processes.

I secured the tmp folder, changed the permissions, and changed the permissions of wget, curl and others. Solved for a few hours.

I put the machine in "looking for crash mode": I kept an SSH session open to check the server.
Suddenly, I saw a strange URL being executed in Apache, eating some CPU.
When I ran the .php file, I discovered a c99shell script running on my machine.

Summing up:

There was a BIG hole in Tufat Flashchat, and I knew about this, but as I was worried about the cPanel server, I left the job of updating Flashchat for later.
I made a mistake, and the attacker tried some other ways to exploit the machine.

Now the box is running smoothly...
I will continue to check...


Maybe this could help you, maybe it couldn't.

Pablo. Good luck
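A triage check for the symptom described in the reply above (a process shown as `[V6]` in top whose binary lived under /tmp), as an added example that is not part of either post. It assumes the Linux /proc layout and root privileges; `scan`, `SUSPECT_DIRS` and the flagging rules are hypothetical names and heuristics chosen here.

```python
import os
import re

# World-writable locations where dropped binaries commonly run from (assumed list).
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# ps/top show real kernel threads as [name]; a userland process whose argv[0]
# was rewritten to look the same still has a readable exe link.
BRACKETED = re.compile(r"^\[.*\]$")

def read_cmdline(pid_dir):
    """Return the NUL-separated cmdline as one space-joined string."""
    try:
        with open(os.path.join(pid_dir, "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return ""
    return raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()

def read_exe(pid_dir):
    """Return the exe symlink target, or None (kernel thread / no permission)."""
    try:
        return os.readlink(os.path.join(pid_dir, "exe"))
    except OSError:
        return None

def scan(proc_root="/proc"):
    """Return (pid, cmdline, exe, reasons) for every process worth a closer look."""
    findings = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for entry in pids:
        pid_dir = os.path.join(proc_root, entry)
        exe = read_exe(pid_dir)
        if exe is None:
            continue  # genuine kernel threads have no exe link
        cmdline = read_cmdline(pid_dir)
        reasons = []
        if exe.startswith(SUSPECT_DIRS):
            reasons.append("exe in world-writable dir")
        if exe.endswith(" (deleted)"):
            reasons.append("exe deleted from disk")
        if BRACKETED.match(cmdline):
            reasons.append("kernel-thread style name on userland process")
        if reasons:
            findings.append((int(entry), cmdline, exe, reasons))
    return findings

if __name__ == "__main__":
    for pid, cmdline, exe, reasons in scan():
        print(f"{pid}\t{cmdline!r}\t{exe}\t{'; '.join(reasons)}")
```

A hit is a lead, not a verdict: before killing anything, record the PID's owner, working directory and open sockets so the entry point (here, a vulnerable web application) can be traced and patched.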