
Process exe

Discussion in 'General Discussion' started by ZachICU, Aug 18, 2004.

  1. ZachICU

    ZachICU Well-Known Member

    After an update I notice a process "exe" eating up a lot of memory.

    I can't seem to track this down as to where it's being run from.

    Anyone have any suggestions?

    Thanks
    Zach
     
  2. ZachICU

    ZachICU Well-Known Member

    5717 nobody 16 0 496 460 428 R 97.2 0.0 0:06 exe
     
  3. Israel.lopez

    Israel.lopez Member

    You could do a list open files and grep for that process name or PID.

    lsof | grep exe or lsof | grep <PID>

    It may be a bnc server. Who knows.
     
  4. compunet2

    compunet2 Well-Known Member

    First, check your /tmp directory for the "exe" file (ls -la). If it's not there, then, from / try: locate exe*. It may turn up a lot of results, but may help narrow it down.
     
  5. cyon

    cyon Well-Known Member
    Same problem here.
    It keeps the load over 40, and every couple of seconds the PID changes.
    This is a part of lsof:

    Code:
    exe       21318   nobody  cwd    DIR       58,1      4096          2 /
    exe       21318   nobody  rtd    DIR       58,1      4096          2 /
    exe       21318   nobody  txt    REG       58,2     84444        125 /tmp/upxBB1OAXQAP5J (deleted)
    exe       21318   nobody  mem    REG       58,1     79864     116136 /lib/ld-2.3.2.so
    exe       21318   nobody  mem    REG       58,1   1288460     115638 /lib/i686/libc-2.3.2.so
    exe       21318   nobody    0u   CHR        1,3                17902 /dev/null
    exe       21318   nobody    1u   CHR        1,3                17902 /dev/null
    exe       21318   nobody    2u   CHR        1,3                17902 /dev/null
    exe       21318   nobody    3u  sock        0,0              7921597 can't identify protocol
    exe       21318   nobody    4u  sock        0,0              7928035 can't identify protocol
    exe       21318   nobody    5u  sock        0,0              8115991 can't identify protocol
    exe       21318   nobody    6u  sock        0,0              8295421 can't identify protocol
    exe       21318   nobody    7u  sock        0,0              8496755 can't identify protocol
    exe       21318   nobody    8u  sock        0,0             11271856 can't identify protocol
    exe       21318   nobody    9u  sock        0,0             11463334 can't identify protocol
    exe       21318   nobody   10u  sock        0,0             11831942 can't identify protocol
    exe       21318   nobody   11u  sock        0,0             12012918 can't identify protocol
    exe       21318   nobody   12u  sock        0,0             12904297 can't identify protocol
    exe       21318   nobody   13u  sock        0,0             12963090 can't identify protocol
    exe       21318   nobody   14u  sock        0,0             13062860 can't identify protocol
    exe       21318   nobody   15w   REG       58,3 134058122     755272 /usr/local/apache/logs/error_log
    exe       21318   nobody   16u  IPv4   37254614                  TCP server3.cyon.ch:49070->stream.jmi.or.jp:auth (ESTABLISHED)
    exe       21318   nobody   18w   REG       58,3      1086     661433 /usr/local/apache/domlogs/xxxin.paxxxnz.ch-bytes_log
    exe       21318   nobody   19w   REG       58,3      4564     661441 /usr/local/apache/domlogs/wikxi.nxx.ch-bytes_log
    exe       21318   nobody   20w   REG       58,3         0     661385 /usr/local/apache/domlogs/fixxxeva.ch-bytes_log
    exe       21318   nobody   21w   REG       58,3      1179     661310 /usr/local/apache/domlogs/mxxesign.mxdu.ch-bytes_log
    exe       21318   nobody   22w   REG       58,3         0     661523 /usr/local/apache/domlogs/radio.thecause.com-bytes_log
    
    From here on there are hundreds of processes with /usr/local/apache/domlogs/...

    Any ideas?
     
  6. cass

    cass Well-Known Member

    Same here... found this on one server...
    wtf is this exe ??!?!

    Running as nobody... changes the PID every xx seconds... is it something from cPanel?!
    Or is anyone running something?
    I've searched the server and not found any file called exe... weird.

    Any way to see where the command is being run?
    Where was the file executed from, etc.?

    Regards.
     
  7. cass

    cass Well-Known Member

    Oh well... I figured out the cmd...
    used to be proftpd... ¿?

    Doing a cat /proc/3514/cmdline (3514 was the PID of the exe process at that moment)
    I got:
    proftpd: (accepting connections)

    So... I restarted proftpd... and it stayed the same...

    Then I ran ps ax | grep proftpd... and found TWO of them...

    11980 ? S 0:00 proftpd: (accepting connections)
    4047 ? R 0:09 proftpd: (accepting connections)
    4058 pts/3 R 0:00 grep proft

    Then I killed both... and started cPanel proftpd... exe went away.

    The question is...
    Was this ANOTHER PROFTPD running?
    Was this a CPANEL BUG or something?
    Why was this proftpd running this exe process?
    Why was it consuming such CPU resources?
    Or... maybe it is a bug in proftpd...?

    Could anyone at cPanel please let me know if this has something to do with cPanel?
    (this server was using the last 9.7.7 release)
    But I don't know if the issue was while running the update, when the update was run... or so, because I discovered this an hour after upgrading... didn't check before.

    Regards.
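
Added example, not part of any post in this thread: the lsof output above shows the process's txt entry as /tmp/upxBB1OAXQAP5J (deleted), and /proc/<PID>/cmdline is the other thing that was checked. The function below walks /proc and reports every process whose executable has been deleted since launch, with its UID, kernel-reported name, exe target and claimed command line. The optional directory argument and the tab-separated column order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list processes whose on-disk binary
# was unlinked after launch, as in the lsof "txt ... (deleted)" line.
# The PROC_ROOT argument is an assumption of this example so the function
# can be pointed at a copied or constructed tree; default is the live /proc.

find_deleted_exe() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # /proc/PID/exe is the kernel's record of the binary that was
        # executed. Unreadable entries (kernel threads, or other users'
        # processes when not root) are skipped.
        target="$(readlink "$dir/exe" 2>/dev/null)" || continue
        case "$target" in
            *" (deleted)") ;;   # binary removed from disk after launch
            *) continue ;;
        esac
        # Process name and real UID as the kernel reports them.
        name="$(awk -F'\t' '/^Name:/ {print $2; exit}' "$dir/status" 2>/dev/null)" || name="?"
        uid="$(awk -F'\t' '/^Uid:/ {print $2; exit}' "$dir/status" 2>/dev/null)" || uid="?"
        # cmdline is NUL-separated and can be rewritten by the process
        # itself, so it is a claim to compare against exe, not evidence.
        cmd="$(tr '\000' ' ' 2>/dev/null < "$dir/cmdline")" || cmd=""
        printf '%s\t%s\t%s\t%s\t%s\n' "$pid" "$uid" "$name" "$target" "${cmd% }"
    done
)

# Columns: PID, UID, name, exe target, claimed command line.
find_deleted_exe "$@"
```

Run it as root so other users' /proc/PID/exe links are readable. A legitimate daemon whose binary was replaced by a package upgrade also shows as (deleted), so look at the path and owner before drawing conclusions.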
     