The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server keeps crashing

Discussion in 'General Discussion' started by GrAfiX, Oct 12, 2004.

  1. GrAfiX

    GrAfiX Member

    Joined:
    Oct 20, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Server keeps crashing need help

    I have a hosted server and the server keeps crashing. The server is hosted on a farm so I can only remotely administrate it. There are no Kernel panics that I can see since the kernel log never gets created when it crashes. However in the messages log I see tons of wierd activity. There are a lot of attempted hacks going on and every time the server dies the last few entries in the messages log and there are a bunch but they look like this.

    Oct 12 18:09:43 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 12 18:19:08 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 12 18:19:10 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 12 18:27:59 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 12 18:28:00 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 12 18:38:51 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 12 18:38:52 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 12 18:47:24 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 12 18:47:26 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 12 18:56:43 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 12 18:56:44 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 12 21:32:17 ns1 syslogd 1.4.1: restart.


    The FTP logins happen like this for pages and pages and you can see the last entry before the restart is always a logout.

    I just switched to the prue-ftpd last night to see if that stopped it but obviously not since it was doing the same thing with proftpd. What would be causing these connections from local host???

    Also when running "top" nothing out of the ordinary is happening when the server locks. I will get a screen shot the next time it happens.

    I'm trying to get the NOC to update to Kernel 2.6xx what ever the latest version is since up2date only grabes 2.4 something.

    Is there anyone that can help?? Where else could I look for problems without being in front of the terminal to see whats happening there?? I know some Linux but really just enough to get me in trouble.

    Thanks in advance for any help you can provide me with.
    Mike
     
    #1 GrAfiX, Oct 12, 2004
    Last edited: Oct 13, 2004
  2. GrAfiX

    GrAfiX Member

    Joined:
    Oct 20, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Oh a couple more things... The NOC replaced the MB, RAM, Processor and NIC to try and eliminate the problem.

    the server is RH9
    Linux ns1.hostbulb.com 2.4.20-31.9 #1 Tue Apr 13 17:38:16 EDT 2004 i686 athlon i386 GNU/Linux

    I do have a couple very busy sites on the box but not enough to bring it to its knee's I wouldn't think.
     
  3. GrAfiX

    GrAfiX Member

    Joined:
    Oct 20, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Here's what the NOC said..





    I wouldn't have the first clue about how to modify the stuff they said I did basically if I can't do it through whm or simple cpanel scripts then it hasn't been done. And really have not changed anything there either.

    Can anyone point me in the right direction??
     
  4. GrAfiX

    GrAfiX Member

    Joined:
    Oct 20, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    anyone????
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The stuff about xinetd, though valid, is the same on any Linux cPanel server and would have absolutely nothing to do with your server crashing.

    More information would be helpful:

    What OS and version are you running and what kernel version are you running? The 2.4 kernel might be perfectly valid depending on your OS, but the full version would help:

    uname -a

    I would suspect that portsentry has absolutely nothing to do with it either. The above information would help as a starting point.

    Another thing you could consider installing is PRM, incase you have runaway processes:
    http://r-fx.org/prm.php

    Another is to make sure that you have WHM > Shell fork bomb protection enabled, incase you have runaway background or CGI processes.

    Lastly, it would help to have your NOC look at the actual server console port after a crash for the actual reason. Log files can be useless if they can't be written to, but the console nearly always has some reason for a crash displayed on it.
     
  6. sky

    sky Well-Known Member

    Joined:
    Nov 24, 2002
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    0
    actually i am also having the exact problem.

    there is no processes that was using alot of resources and such. It is as if, someone went to cut the power supply off suddenly. no panic messages etc.

    This only happened after I upgraded to latest 9.9.8 - s6

    any idea?
     
  7. challii

    challii Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    if you can, can you try running top, and seeing if anything weird happens when the load suddenly shoots through the roof. Our server had a problem yesterday (not sure if its still there ... PRM hasnt complained yet today!) But basically what was happening was the number of processes was suddenly shooting through the roof from ~200 processes to 600 processes!

    The server simply couldnt cope with this and would just struggle until the proccesses were killed or died. I think it might be due to a dodgy bandwidth monitor, but thats only what I think.

    is there any way you can list all the proccesses ? would be quite interested to see whats running.
     
  8. sky

    sky Well-Known Member

    Joined:
    Nov 24, 2002
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    0
    the funny thing is that there isn't process overload.

    it was ok for a few days and it came back again. worst still, the server is shutoff just like that ..... i am still wondering ... why it happen after the upgrade and not before.
     
  9. sky

    sky Well-Known Member

    Joined:
    Nov 24, 2002
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    0
    ok some updates.....

    i found out it was due to my fan. Apparently, the CPU heat up as there is no cooling and motherboard just shuts off power. Safety mechanism.

    I will see since it has been 2 days since replacement of cpu fan and everything is ok now.

    Sometimes it ain't always software .... but sad to say most of us jump at what is simplest ... lol ... hopefully it is just the cpu fan.... i am happy about it :P
     
  10. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    ?? Any Luck


    I have been experiencing the same problem at 0000 everynight, SIM restarts the http but it always seems to be related to Pure-Ftp...
    Was wondering if you ever figured anything out?

    Thanks
     
  11. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    to see all running processes, run:

    ps -e | more
     
Loading...

Share This Page