The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

kupdated maxing out server

Discussion in 'General Discussion' started by romanus, Sep 30, 2005.

  1. romanus

    romanus Well-Known Member

    Joined:
    Jul 17, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I have whm/cpanel running on a dual athlon

    I got a message telling me my server has been maxed out for 6 hours or better. There are four copies of kupdated running each taking 48% of cpu. Wierd thing is they are running as user nobody.

    Would it be a problem if I just killed them? I am unfamiliar with what kupdated is/does and why it would be running as nobody.

    Thanks for any help...
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If they're running as user nobody then they're most likely lying and are actually exploits. Check the files open to the PID's using lsof.
     
  3. romanus

    romanus Well-Known Member

    Joined:
    Jul 17, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    too late I killed them. They were bogging the system down. I will keep an eye on it though. Should there be a pear directory in tmp?

    www.hackbase.com has a few links to this server. They have been trying brute force for about 2 months now. I really am just a waste of their time.
     
    #3 romanus, Sep 30, 2005
    Last edited: Sep 30, 2005
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, the pear directory is normal. Check the following directories (at least) for exploits:

    /tmp
    /var/tmp
    /dev/shm
    /usr/local/apache/proxy

    Also make sure that every single phpBB/phpNuke installation on the server is running the latest release.
     
  5. romanus

    romanus Well-Known Member

    Joined:
    Jul 17, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    other than some sessions in tmp the others are all empty. No phpbb installs, in fact no board installs of any kind on this system
     
    #5 romanus, Sep 30, 2005
    Last edited: Sep 30, 2005
Loading...
Similar Threads - kupdated maxing server
  1. brt
    Replies:
    14
    Views:
    664

Share This Page