The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server crashed -- many "whmhttps connected from" in kernel log

Discussion in 'General Discussion' started by Stefaans, Jul 27, 2005.

  1. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Our one server crashed today. The server has been experiencing stability problems lately, and I have been unable to pinpoint to cause. :eek:

    On scanning /var/log/messages, I found a several hundreds of lines like the following, spread over a few seconds, immediately before the server went down:

    The IP address 11.22.33.44 represents my IP address. My browser was open on WHM as root at the time.

    Any ideas what is going one here? :confused:
     
    #1 Stefaans, Jul 27, 2005
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Do you have a cPanel DNS cluster? If so, then one of the members may be having problems with dnsadmin looping which would fit this evidence.
     
    #2 chirpy, Jul 27, 2005
  3. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Thanks for the DNS pointer (pun intended). We do have DNS clustering in place: this box (that crashed) and one other. However, the IP address shown in the error messages is that of our office, not the other DNS server.

    Could you possibly give me some further advice on where to check for signs of the potential "dnsadmin looping" problem? Should I just check both servers' /var/log/messages files, or are there some other clues that I could follow up on as well.

    Thanks ;)
     
    #3 Stefaans, Jul 27, 2005
  4. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    #4 Stefaans, Jul 27, 2005
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    It may well have nothing to do with dnsadmin, then. Though it could certainly be a looping script since you were in WHM at the time.

    One idea might be to use PRM if you don't already have it installed (though it has its limitations). Another would be to enable the Fork/Bomb protection if that is not enabled (though since WHM runs under root it probably won't help as root is excluded, IIRC).

    Lastly, have you checked that the laus rpm is not installed?
     
    #5 chirpy, Jul 27, 2005
  6. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Thanks for the advice Jonathan.

    PRM is not installed. I will get working on that shortly ;)

    Fork/Bomb protection is already enabled.

    Checking for laus, if find
    Is its presense good or bad? I believe laus stands for "Linux Audit-Subsystem user space tools and daemon".
     
    #6 Stefaans, Jul 27, 2005
  7. stasd

    stasd Active Member

    Joined:
    Sep 22, 2003
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    USA
    Code:
    root     11311  0.5  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd           
root     23448  0.6  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D           
root     20236  0.5  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ           
root      7090  0.6  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ           
root     12561  0.0  0.3 10744 8104 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd           
root     22059  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd           
root     20470  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd - locking /e
root     11129  0.0  0.3 10744 8100 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D           
root     30315  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D           
root     18472  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D - locking /e
root      1957  0.0  0.3 10876 8116 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ           
root     23481  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ           
root     29758  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ - locking /e
root     11408  0.0  0.3 10876 8108 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ           
root     18831  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ           
root     11201  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ - locking /e
root     11159  0.0  0.2  9728 5784 ?        S    08:34   0:00 whostmgrd - serving 67.15.14.90
root     14325  0.1  0.8 19568 17964 ?       S    08:34   0:00 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./removezone_local
root      2212  0.4  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ           
root      8610  0.0  0.3 10876 8112 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ           
root     21560  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ           
root     20904  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ - locking /e
root      3480  0.0  0.2  9728 5780 ?        S    08:34   0:00 whostmgrd - serving 67.15.14.90
root     22402  0.1  0.8 19568 17956 ?       S    08:34   0:00 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./removezone_local
root      7154  0.5  0.3  8064 6476 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx           
root      2213  0.0  0.3 10876 8124 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx           
root     21081  0.0  0.3  8064 6476 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx           
root      1560  0.0  0.3  8064 6476 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx - locking /e
root     21955  0.0  0.2  9728 5780 ?        S    08:34   0:00 whostmgrd - serving 67.15.14.90
root     11243  0.2  0.8 19568 17960 ?       S    08:34   0:00 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./removezone_local
    All servers in the sluster crashing
     
    #7 stasd, Jul 27, 2005
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    That's it, yes. It's presence often makes cPanel server unstable and you should remove it. Have a search for laus on the forum if you have it on how best to remove it properly.
     
    #8 chirpy, Jul 28, 2005
  9. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Thanks, I am learning something new every day :)

    Seems like laus is not installed or running as a service:
    Some laus libraries are installed, and required by other packages
    So, innocent or not, the laus libraries probably need to stay ;)
     
    #9 Stefaans, Jul 29, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - Server crashed many
  1. TapanB

    MySQL crashed and corrupted database after graceful server reboot

    TapanB, Oct 14, 2016, in forum: Database Discussions
    Replies:
    4
    Views:
    986
    Sujoy Dhar
    Nov 15, 2016
  2. Motamedi

    MySQL Server crashed.

    Motamedi, Sep 21, 2015, in forum: Database Discussions
    Replies:
    1
    Views:
    840
    cPanelMichael
    Sep 21, 2015
  3. Bashed

    Server Crashed Suddenly, Can't Trace Cause

    Bashed, Jul 30, 2015, in forum: General Discussion
    Replies:
    2
    Views:
    858
    Arkaic
    Aug 3, 2015
  4. keat63

    server crashed - lost emails

    keat63, Jul 20, 2015, in forum: E-mail Discussions
    Replies:
    2
    Views:
    312
    cPanelMichael
    Jul 27, 2015
  5. fruit321

    SOLVED URL /index.php was not found on this server.

    fruit321, Jun 24, 2017 at 6:05 AM, in forum: General Discussion
    Replies:
    4
    Views:
    41
    fruit321
    Jun 24, 2017 at 11:55 AM

Share This Page