Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server crashed -- many "whmhttps connected from" in kernel log

Discussion in 'General Discussion' started by Stefaans, Jul 27, 2005.

  1. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    460
    Likes Received:
    3
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Our one server crashed today. The server has been experiencing stability problems lately, and I have been unable to pinpoint to cause. :eek:

    On scanning /var/log/messages, I found a several hundreds of lines like the following, spread over a few seconds, immediately before the server went down:

    The IP address 11.22.33.44 represents my IP address. My browser was open on WHM as root at the time.

    Any ideas what is going one here? :confused:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 Stefaans, Jul 27, 2005
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Do you have a cPanel DNS cluster? If so, then one of the members may be having problems with dnsadmin looping which would fit this evidence.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 chirpy, Jul 27, 2005
  3. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    460
    Likes Received:
    3
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Thanks for the DNS pointer (pun intended). We do have DNS clustering in place: this box (that crashed) and one other. However, the IP address shown in the error messages is that of our office, not the other DNS server.

    Could you possibly give me some further advice on where to check for signs of the potential "dnsadmin looping" problem? Should I just check both servers' /var/log/messages files, or are there some other clues that I could follow up on as well.

    Thanks ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Stefaans, Jul 27, 2005
  4. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    460
    Likes Received:
    3
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Stefaans, Jul 27, 2005
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    It may well have nothing to do with dnsadmin, then. Though it could certainly be a looping script since you were in WHM at the time.

    One idea might be to use PRM if you don't already have it installed (though it has its limitations). Another would be to enable the Fork/Bomb protection if that is not enabled (though since WHM runs under root it probably won't help as root is excluded, IIRC).

    Lastly, have you checked that the laus rpm is not installed?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 chirpy, Jul 27, 2005
  6. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    460
    Likes Received:
    3
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Thanks for the advice Jonathan.

    PRM is not installed. I will get working on that shortly ;)

    Fork/Bomb protection is already enabled.

    Checking for laus, if find
    Is its presense good or bad? I believe laus stands for "Linux Audit-Subsystem user space tools and daemon".
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Stefaans, Jul 27, 2005
  7. stasd

    stasd Active Member

    Joined:
    Sep 22, 2003
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    USA
    Code:
    root     11311  0.5  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd           
root     23448  0.6  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D           
root     20236  0.5  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ           
root      7090  0.6  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ           
root     12561  0.0  0.3 10744 8104 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd           
root     22059  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd           
root     20470  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KqxIwE6Hrxe46e8zISP8VNEjorbQhpQd - locking /e
root     11129  0.0  0.3 10744 8100 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D           
root     30315  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D           
root     18472  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - uhc7uR1uh5soAIm6hu3BtPZ5feYxL5_D - locking /e
root      1957  0.0  0.3 10876 8116 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ           
root     23481  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ           
root     29758  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - i3m8MHLSfxdTdPNEuYGGF3pjykvLPzVJ - locking /e
root     11408  0.0  0.3 10876 8108 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ           
root     18831  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ           
root     11201  0.0  0.3  8064 6464 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - aioYlYtJ4NpE7mnb5w1T0xB2LmQz5UVZ - locking /e
root     11159  0.0  0.2  9728 5784 ?        S    08:34   0:00 whostmgrd - serving 67.15.14.90
root     14325  0.1  0.8 19568 17964 ?       S    08:34   0:00 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./removezone_local
root      2212  0.4  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ           
root      8610  0.0  0.3 10876 8112 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ           
root     21560  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ           
root     20904  0.0  0.3  8064 6472 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - UqDIhHARe7i8Ghef1YMpQ9VjeehO8RVJ - locking /e
root      3480  0.0  0.2  9728 5780 ?        S    08:34   0:00 whostmgrd - serving 67.15.14.90
root     22402  0.1  0.8 19568 17956 ?       S    08:34   0:00 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./removezone_local
root      7154  0.5  0.3  8064 6476 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx           
root      2213  0.0  0.3 10876 8124 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx           
root     21081  0.0  0.3  8064 6476 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx           
root      1560  0.0  0.3  8064 6476 ?        S    08:34   0:00 dnsadmin - REMOVEZONE - KMQiWfMWl6WJxaLlyMqCUu8UpKa1DRjx - locking /e
root     21955  0.0  0.2  9728 5780 ?        S    08:34   0:00 whostmgrd - serving 67.15.14.90
root     11243  0.2  0.8 19568 17960 ?       S    08:34   0:00 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./removezone_local
    All servers in the sluster crashing
     
    #7 stasd, Jul 27, 2005
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    That's it, yes. It's presence often makes cPanel server unstable and you should remove it. Have a search for laus on the forum if you have it on how best to remove it properly.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 chirpy, Jul 28, 2005
  9. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    460
    Likes Received:
    3
    Trophy Points:
    318
    Location:
    Vancouver, Canada
    Thanks, I am learning something new every day :)

    Seems like laus is not installed or running as a service:
    Some laus libraries are installed, and required by other packages
    So, innocent or not, the laus libraries probably need to stay ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 Stefaans, Jul 29, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - Server crashed many
  1. Sametto Chan

    MySQL Database crashed/CPU higher on server to down

    Sametto Chan, Oct 21, 2017, in forum: Workarounds and Optimization
    Replies:
    10
    Views:
    1,374
    Sametto Chan
    Oct 26, 2017
  2. Fresh Studio

    New Thread SMTP error from remote mail server after pipelined mail error

    Fresh Studio, Jan 16, 2019 at 4:00 PM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    22
    Fresh Studio
    Jan 16, 2019 at 4:00 PM
  3. thewm

    New Thread Malicious Outgoing Connection to another server

    thewm, Jan 15, 2019 at 12:50 PM, in forum: Security
    Replies:
    0
    Views:
    45
    thewm
    Jan 15, 2019 at 12:50 PM
  4. DsT15

    403 Forbidden Access, Access to this resource on this server is denied

    DsT15, Jan 11, 2019 at 8:56 PM, in forum: General Discussion
    Replies:
    2
    Views:
    186
    cPanelMichael
    Jan 14, 2019 at 10:35 AM
  5. joncorenna

    Internal Server Error 500

    joncorenna, Jan 11, 2019 at 3:01 PM, in forum: General Discussion
    Replies:
    3
    Views:
    188
    cPanelMichael
    Jan 14, 2019 at 11:24 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice