Server overload - compromised??

Discussion in 'General Discussion' started by Kurieuo, Sep 8, 2008.

  1. Kurieuo

    Kurieuo Well-Known Member

    Dec 13, 2002
    Hi all,

    I am currently experiencing problems/attacks on my server.

    About a day ago the server load on my server began going through the roof and I had to reboot the server 2-3 times. A lot of mail outs were happening (which I saw in the mail queue in WHM). My DC disabled some outgoing ports as they noticed FTP scanning happening apparently consuming 25% of the network. Eventually it stopped, or so I thought.

    The following morning I woke up and an ftp_scanner script was being run (as user 'nobody' - I do not have suEXEC installed sadly). But I tracked it down to an account that had 777 permissions on all their files/folders. So I archived them, got rid of it and reset permissions to 644/755. These files looked like hacker utilities and many contained viruses.

    Then the server kept spiking and I had to reboot several times again. I installed Config Server Security and Firewall (great firewall/security application btw), and this kept things in check when set to medium. Then when I thought all was good the server spiked again. This time I was able to reset httpd and things normalised kind of (to working order). I increased the CSF to high setting, and it is keeping things in check - just it seems.

    Processes appear to be getting created automatically by something (a virus/trojan), whether I am under constant attack or something. I tried running clamscan and it turned up some bad files in several accounts, however then the server just began overloading again. Bottom line: I need help to bring this under control. It is stressing me to no end.

    If anyone can help, please respond here with suggestions or PM me. I am not sure this is the place, but I am willing to pay to make this problem go away.

    #1 Kurieuo, Sep 8, 2008
    Last edited: Sep 8, 2008
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    May 20, 2003
    You might check using the Server Security Check in CSF for tips on other things you can do, and you really should upgrade to apache2 if you haven't and SuPHP, ASAP. This should help and is quite painless (or should be) on a normal system these days.

    Chirpy offers several plans over at the same site you got CSF from.

    Worth every penny and a tip, too! IMHO. :)
  3. capoti

    capoti Active Member

    Mar 25, 2006
    I had a high CPU load in the past and solved it for me. I highly recommend Andy or Scott to work on your server.
