The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server Restarts

Discussion in 'General Discussion' started by bomonguny, Aug 8, 2007.

  1. bomonguny

    bomonguny Member

    Joined:
    Dec 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    My server as of yesterday seems to be crashing every 6 hours or so, and I can't find anythign wrong with the server. Can anyone point me in the direction of some logs that might offer some guidance?

    I have looked at disk space, thats not a problem. It does seem like MySQL is using 80+ CPU, but other than that, I can't find what is causing the server to shutdown. When it does happen I can't ssh in, or webhost login.

    Any Unix admin's help me?
     
  2. ethix

    ethix Active Member

    Joined:
    Dec 21, 2004
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    /var/log/
    would be a good place to start looking
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If the server has suffered a kernel Oops then there should be a dump on the servers serial port which could give you more information before rebooting it.

    Does the server hang, or does it actually crash? If it hangs, it could be that it is memory thrashing, i.e. either a runaway process or insufficient memory for the servers needs. It could also be indicative of a memory chip failure if it only happens under load, in which case you might want to have the memory swapped out as a precaution.

    As ethix has said, /var/log/messages is the first place to start.
     
  4. bomonguny

    bomonguny Member

    Joined:
    Dec 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    The server crashes, it doesn't respond to ssh requests and it doesn't responde to web requests. I have to manually reboot the server through a request to godaddy.com (its a virtual deticated server) so I assume they are automating that from the host machine. From reading the security logs it appears that someone wants into the server, or is attempting to get into the server. Is this what you see? What can I do? I have changed the port of SSH but that won't stop anything for very long.

    Code:
    Aug 10 11:18:45 ip-216-69-173-87 pure-ftpd: (?@69.46.207.173) [INFO] New connect
    ion from 69.46.207.173
    Aug 10 11:18:45 ip-216-69-173-87 pure-ftpd: (?@69.46.207.173) [INFO] west is now
     logged in
    Aug 10 11:18:46 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/Westgate_stores.htm: Not a directory
    Aug 10 11:18:46 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/Westgate_stores.htm: Not a directory
    Aug 10 11:18:46 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/Westgate_stores.htm.LCK: No such file or directory
    Aug 10 11:18:47 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Logout.
    Aug 10 11:18:57 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:18:58 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:18:58 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:18:59 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/contribute.xml: No such file or directory
    Aug 10 11:18:59 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:18:59 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:00 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/no_hub.csi: No such file or directory
    Aug 10 11:19:00 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:00 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:01 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:01 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:01 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:02 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/contribute.xml: No such file or directory
    Aug 10 11:19:02 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:02 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:03 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:03 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:03 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:04 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/contribute.xml: No such file or directory
    Aug 10 11:19:04 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:04 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:05 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/Westgate_stores.htm: Not a directory
    Aug 10 11:19:06 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [ERROR] Can't o
    pen Westgate_stores.htm.LCK: No such file or directory
    Aug 10 11:19:06 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/Westgate_stores.htm.LCK: No such file or directory
    Aug 10 11:19:08 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [NOTICE] /home/
    west//www/Westgate_stores.htm.LCK uploaded  (32 bytes, 0.25KB/sec)
    Aug 10 11:19:09 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [NOTICE] /home/
    west//www/Westgate_stores.htm downloaded  (20973 bytes, 119848.77KB/sec)
    Aug 10 11:19:17 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [NOTICE] /home/
    west//www/_notes/Westgate_stores.htm.mno downloaded  (240 bytes, 120.38KB/sec)
    Aug 10 11:19:19 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:19 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:19 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:20 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/contribute.xml: No such file or directory
    Aug 10 11:19:20 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:20 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    Aug 10 11:19:21 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/no_hub.csi: No such file or directory
    Aug 10 11:19:21 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm: No such file or directory
    Aug 10 11:19:22 ip-216-69-173-87 pure-ftpd: (west@69.46.207.173) [INFO] Can't ch
    ange directory to /www/_mm/: No such file or directory
    
     
  5. bomonguny

    bomonguny Member

    Joined:
    Dec 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I had a friend look into the server issue and he said there is a DDos Attack coming my way that is trying to get into SSH. Looks like they have been able to figure out the login username but not the password just yet. Any ideas on what I can do? I have changed the SSH port but thats a temp fix till another port scan comes through.
     
  6. dan223

    dan223 Well-Known Member

    Joined:
    Mar 31, 2006
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    You can install apf and bfd. Which will help block the attacks.
     
  7. bomonguny

    bomonguny Member

    Joined:
    Dec 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Is there a how to somehwere that you can recommend?
     
  8. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    An alternate to APF, use CSF which gives far more useful options and control.
     
  9. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Sorry, but the log you posted there doesn't show SSH it shows FTP and he DID figure out the password. I would dig into this machine and look for anything that this "west" account might have done. But you might have more than just this little ftp log to look at, that user might not be doing anything wrong judging from the log.
     
    #9 nyjimbo, Aug 22, 2007
    Last edited: Aug 22, 2007
  10. bomonguny

    bomonguny Member

    Joined:
    Dec 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    West is a valid user that was FTP'ing.
     
Loading...

Share This Page