The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Shell Fork Bomb Protection causing segfaults?

Discussion in 'General Discussion' started by bls24, Jun 30, 2008.

  1. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    For the past few months I've been experiencing General Protection Errors.
    Recently, they have began coupling with Segmentation Faults.
    They seem to come the most, when I work on my site (I use WinSCP for ftp transfers & putty for command line... both connect under the SSH port.)

    Initially, I suspected these errors were due to my php installation. Php has been reinstalled/recompiled with no success.

    I've had my data center do quick & extended hard disk scans; came up clean.

    Here is an example of the error:
    I'm continuously analyzing my access logs and timestamps, trying to locate a connection to a php script.. nothing matches. Different script everytime and sometimes at the very second of the timestamp, there isn't a click on my site.
    My site loads pretty fast.. it's on a dedicated server with only 1 other site. Average memory usage (according to cpanel) is 20-25% any time of the day. Load averages at 0.05-0.40
    99% of the time these errors occur, I am online doing something on the site. Be it working on it, browsing, etc. whatever... I never notice any service interruptions whatsoever.

    Apache Version: 1.3.41
    OS: Linux
    Kernel: 2.6.9-67.0.15.ELsmp
    Architecture: x86_64
    PHP: 5.2.6
    Cpanel: 11.23.3-RELEASE

    Last night I upgraded to Apache 2.2.9 to see if they persist.
    So far, not a single error since upgrading... but I haven't logged into SSH since 5am (until now, about 15 minutes ago).

    Wondering if there is a possible connection between the shell bomb protection.
    Could my ssh client (WinSCP) be requesting too much memory, and the protection is limiting it? I do frequently receive timeouts & errors from the WinSCP client after leaving it idle.
     
    #1 bls24, Jun 30, 2008
    Last edited: Jun 30, 2008
  2. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Tonight when I was working in WinSCP I wrote down the times of login, logout & any errors that appeared.

    From my logs this evening:
    I wrote down the following events (some of my times may be a few minutes off, as I forgot to write them down.. so I estimated the nearest time):
    "Terminated by User" Error @ 10:21
    Restarted my SSH session at 10:26
    (as well, sometimes my client lies idle in my task bar before I notice an error has occured.)

    Around 10:30 I got sidetracked and stopped keeping track of my errors.
    But seeing here, as I am reconnecting so many times, I again receive the "Terminated by User error and attempt to tick "Reconnect" on the error window.


    When I gracefully logout (hit the X), no general protection errors or segfaults were logged.


    So it seems to me that WinSCP / SSH is causing my errors. Wondering if there is anything that can be done about it?
    How can I check if my allotted memory in the server config is maybe too low? What would be a recommended setting?
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Is this on a real server or a VPS? There is a known issue with the "Shell Fork Bomb Protection" feature and the Virtuozzo VPS and you shouldn not enable it on such systems.
     
  4. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Dedicated server using cpanel & APF.
     
  5. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    I disabled shell bomb protection yesterday afternoon, refrained from logging into WinSCP, but I logged into SSH a few times to email myself logwatch results (which initially caught the faults)

    No errors.
    If using WinSCP in place of an ftp client causes segfaults, I assume it should probably not be used. Is the only alternative ftp?

    If so, is there any secure way to login to ftp?
     
  6. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Haven't had a single error since only ssh for command-line (refrained from using WinSCP).

    However, got a protection error this morning when changing an account's password via cpanel. I tried to replicate it several times to no avail. . assuming this one was just a hiccup. The rest of my logs this week have been completely clean!
     
  7. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    First night of using ftp heavily, general protection faults are back! I'm starting to think there is a misconfig somewhere... not sure where to look?
     
  8. bls24

    bls24 Well-Known Member

    Joined:
    May 12, 2007
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Logged back into Winscp tonight for more testing.

    NO errors. BUT i only edited files in private directories that are not accessible to my visitors.

    My theory:
    the kernel error is triggered as I save a file, and in the same moment it is attempted to be viewed on the website.

    (The ftp/winscp clients delete the file and replace it with my edited version after I hit save)
    To the viewer it would be a 404 if the client disconnects in the middle of transfer before the new file was completely replaced, but is there something going on in the server memory that could possibly be the culprit?

    if this is possible, it would explain the php-cgi warnings and why this only happens during the ftp sessions.


    This is the only thing that would make any sort of sense in this situation. Can anyone confirm or deny my assumptions?
     
  9. blargman

    blargman Well-Known Member

    Joined:
    Sep 11, 2007
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    I've noticed the same when browsing anything using php-cgi. Only thing running cgi is cpanel php. Tried /scripts/makecpphp didn't do much to help. I can reproduce it by refreshing phpMyAdmin and it instantly shows up in dmesg. I'll let ya know if I find anything.
     
  10. andywest

    andywest Registered

    Joined:
    Aug 17, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    also getting GPF for php-cgi, and use ssh

    I have also been getting the following error of great concern in my logwatch log files this last month or so (not before that). I have CPanel provide automatic updates to the latest stable builds. I use REDHAT ENTERPRISE 5.2 x86_64, Apache Webserver xxx, and have WHM 11.23.2 and cPanel 11.23.4.

    from yesterday's log file:
    --------------------- Kernel Begin ------------------------
    WARNING: General Protection Faults in these executables
    php-cgi : 6 Time(s)


    Thx for the tips on a possible SSH connection!

    I use SSH regularly for file transfers, including yesterday extensively (above log file), but to a non-public, development web site that the public does not see or use (I highly doubt, therefore, that anyone is trying to concurrently view files on the site while I'm uploading the new file(s)). I use the "SSH Secure Shell" product, from Secure Shell Communications. I don't use WinSCP. My SSH regularly times out and I wonder if that is connected to the issue??

    I will now try to correlate my SSH activity, as well as timeouts (I'll let some occur and note times), with the timing of these GPF's.

    Andy
     
  11. raysolomon

    raysolomon Member

    Joined:
    Oct 12, 2006
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    I have been getting this error on a particular server too.
    But I don't use any php-cgi scripts, only cpanel does.
    I use php as an apache module, not cgi.

    Therefore it is cpanel that has a cgi-based script that is not logically functioning.

    My advice is to put in a support request to cpanel.
     
Loading...

Share This Page