Shell Fork Bomb Protection causing segfaults?

For the past few months I've been experiencing General Protection Errors.
Recently, they have began coupling with Segmentation Faults.
They seem to come the most, when I work on my site (I use WinSCP for ftp transfers & putty for command line... both connect under the SSH port.)

Initially, I suspected these errors were due to my php installation. Php has been reinstalled/recompiled with no success.

I've had my data center do quick & extended hard disk scans; came up clean.

Here is an example of the error:

I'm continuously analyzing my access logs and timestamps, trying to locate a connection to a php script.. nothing matches. Different script everytime and sometimes at the very second of the timestamp, there isn't a click on my site.
My site loads pretty fast.. it's on a dedicated server with only 1 other site. Average memory usage (according to cpanel) is 20-25% any time of the day. Load averages at 0.05-0.40
99% of the time these errors occur, I am online doing something on the site. Be it working on it, browsing, etc. whatever... I never notice any service interruptions whatsoever.

Apache Version: 1.3.41
OS: Linux
Kernel: 2.6.9-67.0.15.ELsmp
Architecture: x86_64
PHP: 5.2.6
Cpanel: 11.23.3-RELEASE

Last night I upgraded to Apache 2.2.9 to see if they persist.
So far, not a single error since upgrading... but I haven't logged into SSH since 5am (until now, about 15 minutes ago).

Wondering if there is a possible connection between the shell bomb protection.
Could my ssh client (WinSCP) be requesting too much memory, and the protection is limiting it? I do frequently receive timeouts & errors from the WinSCP client after leaving it idle.

 

Tonight when I was working in WinSCP I wrote down the times of login, logout & any errors that appeared.

From my logs this evening:

I wrote down the following events (some of my times may be a few minutes off, as I forgot to write them down.. so I estimated the nearest time):
"Terminated by User" Error @ 10:21
Restarted my SSH session at 10:26
(as well, sometimes my client lies idle in my task bar before I notice an error has occured.)

Around 10:30 I got sidetracked and stopped keeping track of my errors.
But seeing here, as I am reconnecting so many times, I again receive the "Terminated by User error and attempt to tick "Reconnect" on the error window.


When I gracefully logout (hit the X), no general protection errors or segfaults were logged.


So it seems to me that WinSCP / SSH is causing my errors. Wondering if there is anything that can be done about it?
How can I check if my allotted memory in the server config is maybe too low? What would be a recommended setting?

 

Dedicated server using cpanel & APF.

 

I disabled shell bomb protection yesterday afternoon, refrained from logging into WinSCP, but I logged into SSH a few times to email myself logwatch results (which initially caught the faults)

No errors.
If using WinSCP in place of an ftp client causes segfaults, I assume it should probably not be used. Is the only alternative ftp?

If so, is there any secure way to login to ftp?

 

Haven't had a single error since only ssh for command-line (refrained from using WinSCP).

However, got a protection error this morning when changing an account's password via cpanel. I tried to replicate it several times to no avail. . assuming this one was just a hiccup. The rest of my logs this week have been completely clean!

 

First night of using ftp heavily, general protection faults are back! I'm starting to think there is a misconfig somewhere... not sure where to look?

 

Logged back into Winscp tonight for more testing.

NO errors. BUT i only edited files in private directories that are not accessible to my visitors.

My theory:
the kernel error is triggered as I save a file, and in the same moment it is attempted to be viewed on the website.

(The ftp/winscp clients delete the file and replace it with my edited version after I hit save)
To the viewer it would be a 404 if the client disconnects in the middle of transfer before the new file was completely replaced, but is there something going on in the server memory that could possibly be the culprit?

if this is possible, it would explain the php-cgi warnings and why this only happens during the ftp sessions.


This is the only thing that would make any sort of sense in this situation. Can anyone confirm or deny my assumptions?