The Community Forums

Interact with an entire community of cPanel & WHM users!

Server overload - compromised??

Discussion in 'General Discussion' started by Kurieuo, Sep 8, 2008.

  1. Kurieuo

    Kurieuo Well-Known Member

    Hi all,

    I am currently experiencing problems/attacks on my server.

    About a day ago the server load on my server began going through the roof and I had to reboot the server 2-3 times. A lot of mail-outs were happening (which I saw in the mail queue in WHM). My DC disabled some outgoing ports as they noticed FTP scanning happening, apparently consuming 25% of the network. Eventually it stopped, or so I thought.

    The following morning I woke up and an ftp_scanner script was being run (as user 'nobody' - I do not have suEXEC installed sadly). But I tracked it down to an account that had 777 permissions on all their files/folders. So I archived them, got rid of it and reset permissions to 644/755. These files looked like hacker utilities and many contained viruses.

    Then the server kept spiking and I had to reboot several times again. I installed ConfigServer Security & Firewall (great firewall/security application btw), and this kept things in check when set to medium. Then when I thought all was good the server spiked again. This time I was able to reset httpd and things normalised kind of (to working order). I increased CSF to the high setting, and it is keeping things in check - just, it seems.

    Processes appear to be getting created automatically by something (a virus/trojan), whether I am under constant attack or something. I tried running clamscan and it turned up some bad files in several accounts, however then the server just began overloading again. Bottom line: I need help to bring this under control. It is stressing me to no end.

    If anyone can help, please respond here with suggestions or PM me. I am not sure this is the place, but I am willing to pay to make this problem go away.

    Thanks.
     
    #1 Kurieuo, Sep 8, 2008
    Last edited: Sep 8, 2008
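
The permission audit described in the first post, as an added example that is not part of the thread: it ranks accounts by their number of world-writable files and directories and resets one account tree to 755/644. The one-directory-per-account layout under a base path and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: each account is a
# directory directly under the base path given as $1 (e.g. a home root).

# World-writable regular files and directories under $1. Symlinks are
# skipped because chmod would act on their targets.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# "<count> <account>" per account with world-writable entries, worst first.
rank_accounts() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        n=$(list_world_writable "$dir" | wc -l)
        n=$((n))
        if [ "$n" -gt 0 ]; then
            printf '%d %s\n' "$n" "$(basename "$dir")"
        fi
    done | sort -rn
}

# Reset one account tree to the modes used in the post: 755 dirs, 644 files.
# Scripts that must stay executable (CGI) need their bit restored afterwards.
reset_perms() {
    find "$1" -xdev -type d -exec chmod 755 {} +
    find "$1" -xdev -type f -exec chmod 644 {} +
}

# Constructed sample tree: one account left at 777/666, one already clean.
make_demo_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/alice/public_html/uploads" "$base/bob/public_html"
    touch "$base/alice/public_html/index.php" "$base/alice/public_html/uploads/x.php"
    touch "$base/bob/public_html/index.html"
    chmod -R u=rwX,go=rX "$base"
    chmod 777 "$base/alice" "$base/alice/public_html" "$base/alice/public_html/uploads"
    chmod 666 "$base/alice/public_html/index.php" "$base/alice/public_html/uploads/x.php"
    printf '%s\n' "$base"
}

# Report mode when a base path is given on the command line.
if [ "$#" -ge 1 ]; then rank_accounts "$1"; fi
```

Resetting modes only closes the write path; files already dropped into a writable directory still have to be reviewed and removed separately.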
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You might check using the Server Security Check in CSF for tips on other things you can do, and you really should upgrade to apache2 if you haven't and SuPHP, ASAP. This should help and is quite painless (or should be) on a normal system these days.



    Chirpy offers several plans over at the same site you got CSF from.

    Worth every penny and a tip, too! IMHO. :)
     
  3. capoti

    capoti Active Member

    I had a high CPU load in the past and www.servertune.com solved it for me. I highly recommend Andy or Scott to work on your server.
     