The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

stunnel related to high server loads? Possible to turn off?

Discussion in 'General Discussion' started by jols, Oct 20, 2005.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    A stunnel process seems to be related to near instant spikes to 30 or 40 server loads.

    I'm seeing this in the process list:

    root 11232 11231 0 12:06 ? 00:00:00 /usr/bin/perl /usr/local/cpanel/etc/init/startstunnel
    root 11233 11232 0 12:06 ? 00:00:00 /usr/bin/perl /usr/local/cpanel/etc/init/stopstunnel
    root 11238 11233 0 12:06 ? 00:00:00 /usr/bin/perl /scripts/ckillall -9 stunnel-4.04local

    I really don't know what stunnel is. Can we safely turn this off, or put it out of reach of being called by vsite hosted scripts?

    Thanks very much for any response.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Stunnel is used to provide access to SSL protected ports such as 2087/2083/2095 etc, i.e. WHM, cPanel, etc. It would seem more sensible to identify the underlying cause of the stunnel issue by determining if and which ports are being flooded and if so, by which IP address. netstat would be a good starting point.
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks Chirpy. I found out it was the WebDav exploit that is killing apache approximately 4 times per day on some of our servers. Trying to figure out a preventitive now, other than just manually blocking the offending IPs of which there are many.
     
Loading...

Share This Page