The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

perl / exim processes loading the server

Discussion in 'General Discussion' started by Secret Agent, Nov 20, 2005.

  1. Secret Agent

    Secret Agent Guest

    Code:
     PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    13302 mailnull  25   0     0    0    0 Z  9.4  0.0   0:00.29 exim <defunct>
    13343 mailnull  25   0     0    0    0 Z  7.5  0.0   0:00.23 exim <defunct>
    13402 root      25   0  8364 3632 2588 R  4.9  0.1   0:00.15 exim
    12610 mailnull  15   0  8652 3816 2492 S  4.6  0.1   0:00.86 exim
    13387 mailnull  25   0     0    0    0 Z  3.9  0.0   0:00.12 exim <defunct>
    13374 mailnull  25   0     0    0    0 Z  3.6  0.0   0:00.11 exim <defunct>
    11968 mailnull  15   0  8652 3848 2492 S  3.3  0.1   0:01.24 exim
    12341 mailnull  15   0  8668 3848 2492 S  3.3  0.1   0:01.20 exim
    11229 mailnull  15   0  8652 3848 2496 S  2.0  0.1   0:01.06 exim
    

    I also had perl using nearly 100% cpu. Last week was an issue with Fantastico vulnerability which I corrected. I have scanned the server but unable to trace the nobody user running the perl processes. What are these "defunct" exim processes as well?

    Any hints appreciated.
     
  2. Secret Agent

    Secret Agent Guest

    Perl processes constnatly hanging

    Code:
      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
     2495 root      35  19  3408  556  200 R 57.6  0.0   0:24.11 gzip
    19969 nobody    16   0  6416 1784 1264 R 47.4  0.0 261:48.53 perl
    20018 nobody    16   0  8112 1784 1264 S 47.1  0.0 289:35.46 perl
    23778 nobody    15   0  7172 1780 1264 R 46.7  0.0 283:38.89 perl
    14114 nobody    16   0  6524 1780 1264 S 46.0  0.0 265:26.01 perl
    
    How could I trace these and stop them for good?
     
  3. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    First I would recommend running perl w/suexec so it does not run under the "nobody" user, easier to identify where the problem is comming from and trace it back. it appears you may have a perl script that maybe causing an endless loop somewhere. Once you've identified the script or scripts doing this, look for any while, foreach or for loops. Also the use of the alarm() function can stop the script after so many seconds.

    Hope this may help
    Mickalo
     
  4. Secret Agent

    Secret Agent Guest

    Can you please give me some example of what command to run in order to trace this?
     
  5. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    log into your WHM and enable suexec and not allow any scripts to run under "nobody", then monitor your server load and run the top -c to monitor CPU usuage and if it's a perl script, it should display the user id that the script is running under, then locate the scripts used by this user. Then it's a matter of checking which scripts maybe causing the high load.

    Mickalo
     
  6. Secret Agent

    Secret Agent Guest

    Thank you. I believe you are referring to compiling apache with "phpsuExec support" correct?

    I already have "suEXEC Module" itself enabled in WHM > Apache Update
     
  7. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    no he is referring to running cgi under suexec
     
  8. Secret Agent

    Secret Agent Guest

    So basically this option in WHM > Apache Update

    "Perl Module (not required to run .cgi scripts/not compatible with php) (Version 1.29)"

    ?

    If so, will I have to inform the clients of anything they may need to change on their part? Any cons of running php as cgi?
     
  9. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    has nothing to do with recompiling apache

    WHM
    Service Configuration
    Enable/Disable SuExec
     
  10. Secret Agent

    Secret Agent Guest

    Yes like I mentioned that is already enabled however top -c is not showing actual users other than 'nobody' and 'root' for example.
     
  11. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Notes: suexec allows cgi scripts to run with the user's id. It will also make it easier to track which user has sent out an email. If suexec is not enabled, all cgi scripts will run as nobody

    you must enble via WHM as posted above or it will run as nobody it is doing what it is supposed to
     
  12. Secret Agent

    Secret Agent Guest

    As I mentioned twice I already have suExec enabled and they still show as nobody.
     
  13. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    Have you stopped all running processes AFTER installing suexec? If not sure - reboot. That will 100% kill all the old processes.
     
  14. Secret Agent

    Secret Agent Guest

    SUEXEC was enabled the entire time and I ran top -c but they still showed as nobody AND I did stop the processed / killed them as well.
     
  15. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    You are aware that top does not show all running processes correct? Just the top ones. That why I said - reboot. That is fail-safe.
     
Loading...

Share This Page