keat63

Well-Known Member
Nov 20, 2014
1,843
221
93
cPanel Access Level
Root Administrator
Does anyone know what these mean.
I have a few of these in my logs since yesterday.

Code:
[2017-03-01 15:49:21 +0000] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-03-01 15:49:22 +0000] info [xml-api] Loading default httpupdate source
[2017-03-01 15:49:22 +0000] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-03-01 15:49:31 +0000] info [xml-api] Successfully verified signature for cpanel (key types: release).
[2017-03-01 15:49:31 +0000] info [xml-api] Using new TIERS.json version file
[2017-03-01 15:49:32 +0000] info [xml-api] Successfully verified signature for cpanel (key types: release).
[2017-03-01 18:18:21 +0000] info [autorepair] Successfully verified signature for cpanel (key types: release).
Error while reading netlink: $VAR1 = {
         'nlmsg_length' => 96,
         'nlmsg_seq' => 2,
         'nlmsg_pid' => 18422,
         'nlmsg_flags' => 0,
         'nlmsg_type' => 2
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_seq' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 18628,
         'nlmsg_length' => 96,
         'nlmsg_type' => 2
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_length' => 96,
         'nlmsg_type' => 2,
         'nlmsg_seq' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 18631
       };
Building global cache for cpanel...Done
Error while reading netlink: $VAR1 = {
         'nlmsg_pid' => 31593,
         'nlmsg_seq' => 2,
         'nlmsg_type' => 2,
         'nlmsg_length' => 96,
         'nlmsg_flags' => 0
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 31706,
         'nlmsg_type' => 2,
         'nlmsg_seq' => 2,
         'nlmsg_length' => 96
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_flags' => 0,
         'nlmsg_type' => 2,
         'nlmsg_length' => 96,
         'nlmsg_seq' => 2,
         'nlmsg_pid' => 31709
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_length' => 96,
         'nlmsg_type' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 1786,
         'nlmsg_seq' => 2
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_pid' => 1951,
         'nlmsg_seq' => 2,
         'nlmsg_type' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_length' => 96
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_seq' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_type' => 2,
         'nlmsg_pid' => 1954,
         'nlmsg_length' => 96
       };
 

keat63

Well-Known Member
Nov 20, 2014
1,843
221
93
cPanel Access Level
Root Administrator
I've nothing jumping out in var/log/messages around this time.
other than an IP block by CSF

Code:
Mar  1 18:18:21 leeds kernel: [326069.704505] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:99:78:1e:4f:00:26:0a:25:9a:40:08:00 SRC=xx.xx.xx.xx DST=my.ip.add LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=12211 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  1 18:18:21 leeds kernel: [326069.709407] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:99:78:1e:4f:00:26:0a:25:9a:40:08:00 SRC=xx.xx.xx.xx DST=my.ip.add LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=12219 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  1 18:18:21 leeds kernel: [326070.097931] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:90:1b:0e:0d:2d:4b:08:00 SRC=yyy.yyy.yyy.yyy DST=255.255.255.255 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=12363 PROTO=UDP SPT=53594 DPT=10505 LEN=100
Maybe I'll log this with the data centre.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

Could you verify which version of cPanel is installed on this system?

Thank you.
 

keat63

Well-Known Member
Nov 20, 2014
1,843
221
93
cPanel Access Level
Root Administrator
The build was 62.08, however I ran an update to 62.16 and a yum update last night, I've not seen any of these over night.

I had a few emails back and forth with the data centre, who actually pointed me to this thread, so I guess they were as equally confused as I was. We ran disk checks which came back OK.

I'm still monitoring.

Could network traffic have caused this ?
var/log/messages was showing a server within the datacentre being blocked by CSF trying to do something (now been reported).
I was seeing echos from it every few seconds.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
The build was 62.08, however I ran an update to 62.16 and a yum update last night, I've not seen any of these over night.
Please feel free to open a support ticket if the issue occurs again so we can take a closer look at the affected system.

Thank you.
 

keat63

Well-Known Member
Nov 20, 2014
1,843
221
93
cPanel Access Level
Root Administrator
This is still occasionally occuring, and I think I've narrowed it down to this.

Code:
Mar 29 13:30:14 kernel: [2308815.435694] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:7b:3e:63:08:00 SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=18792 PROTO=UDP SPT=62706 DPT=8082 LEN=84
xxx.xxx.xxx.xxx being a server inside the same data centre.
If I block the IP in my firewall, the issue goes away for a few days, then starts again on a new IP.

Therefore I'm guessing that it may be some form of software, virus or malware.

I'd rather not open a ticket, if this can be explained on here ??
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
xxx.xxx.xxx.xxx being a server inside the same data centre.
If I block the IP in my firewall, the issue goes away for a few days, then starts again on a new IP.

Therefore I'm guessing that it may be some form of software, virus or malware.
You may want to reach out to your data center to report this traffic, as they should be able to take action of the behavior is malicious. Otherwise, you may want to seek out a system administrator to access the system and determine what's happening:

System Administration Services | cPanel Forums

Thank you.