bomonguny

Member
Dec 5, 2006
15
0
151
My server as of yesterday seems to be crashing every 6 hours or so, and I can't find anythign wrong with the server. Can anyone point me in the direction of some logs that might offer some guidance?

I have looked at disk space, thats not a problem. It does seem like MySQL is using 80+ CPU, but other than that, I can't find what is causing the server to shutdown. When it does happen I can't ssh in, or webhost login.

Any Unix admin's help me?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,450
31
473
Go on, have a guess
If the server has suffered a kernel Oops then there should be a dump on the servers serial port which could give you more information before rebooting it.

Does the server hang, or does it actually crash? If it hangs, it could be that it is memory thrashing, i.e. either a runaway process or insufficient memory for the servers needs. It could also be indicative of a memory chip failure if it only happens under load, in which case you might want to have the memory swapped out as a precaution.

As ethix has said, /var/log/messages is the first place to start.
 

bomonguny

Member
Dec 5, 2006
15
0
151
The server crashes, it doesn't respond to ssh requests and it doesn't responde to web requests. I have to manually reboot the server through a request to godaddy.com (its a virtual deticated server) so I assume they are automating that from the host machine. From reading the security logs it appears that someone wants into the server, or is attempting to get into the server. Is this what you see? What can I do? I have changed the port of SSH but that won't stop anything for very long.

Code:
Aug 10 11:18:45 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] New connect
ion from 69.46.207.173
Aug 10 11:18:45 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] west is now
 logged in
Aug 10 11:18:46 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/Westgate_stores.htm: Not a directory
Aug 10 11:18:46 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/Westgate_stores.htm: Not a directory
Aug 10 11:18:46 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/Westgate_stores.htm.LCK: No such file or directory
Aug 10 11:18:47 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Logout.
Aug 10 11:18:57 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:18:58 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:18:58 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:18:59 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/contribute.xml: No such file or directory
Aug 10 11:18:59 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:18:59 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:00 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/no_hub.csi: No such file or directory
Aug 10 11:19:00 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:00 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:01 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:01 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:01 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:02 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/contribute.xml: No such file or directory
Aug 10 11:19:02 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:02 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:03 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:03 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:03 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:04 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/contribute.xml: No such file or directory
Aug 10 11:19:04 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:04 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:05 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/Westgate_stores.htm: Not a directory
Aug 10 11:19:06 ip-216-69-173-87 pure-ftpd: ([email protected]) [ERROR] Can't o
pen Westgate_stores.htm.LCK: No such file or directory
Aug 10 11:19:06 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/Westgate_stores.htm.LCK: No such file or directory
Aug 10 11:19:08 ip-216-69-173-87 pure-ftpd: ([email protected]) [NOTICE] /home/
west//www/Westgate_stores.htm.LCK uploaded  (32 bytes, 0.25KB/sec)
Aug 10 11:19:09 ip-216-69-173-87 pure-ftpd: ([email protected]) [NOTICE] /home/
west//www/Westgate_stores.htm downloaded  (20973 bytes, 119848.77KB/sec)
Aug 10 11:19:17 ip-216-69-173-87 pure-ftpd: ([email protected]) [NOTICE] /home/
west//www/_notes/Westgate_stores.htm.mno downloaded  (240 bytes, 120.38KB/sec)
Aug 10 11:19:19 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:19 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:19 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:20 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/contribute.xml: No such file or directory
Aug 10 11:19:20 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:20 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
Aug 10 11:19:21 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/no_hub.csi: No such file or directory
Aug 10 11:19:21 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm: No such file or directory
Aug 10 11:19:22 ip-216-69-173-87 pure-ftpd: ([email protected]) [INFO] Can't ch
ange directory to /www/_mm/: No such file or directory
 

bomonguny

Member
Dec 5, 2006
15
0
151
I had a friend look into the server issue and he said there is a DDos Attack coming my way that is trying to get into SSH. Looks like they have been able to figure out the login username but not the password just yet. Any ideas on what I can do? I have changed the SSH port but thats a temp fix till another port scan comes through.
 

nyjimbo

Well-Known Member
Jan 25, 2003
1,133
1
168
New York
I had a friend look into the server issue and he said there is a DDos Attack coming my way that is trying to get into SSH. Looks like they have been able to figure out the login username but not the password just yet. Any ideas on what I can do? I have changed the SSH port but thats a temp fix till another port scan comes through.
Sorry, but the log you posted there doesn't show SSH it shows FTP and he DID figure out the password. I would dig into this machine and look for anything that this "west" account might have done. But you might have more than just this little ftp log to look at, that user might not be doing anything wrong judging from the log.
 
Last edited: