Using sys-snap.sh

Discussion in 'General Discussion' started by DreamPhysix, Nov 17, 2011.

  1. DreamPhysix

    DreamPhysix Well-Known Member

    A while ago I had a cPanel technician set up sys-snap.sh, which I was running when my server crashed, and I'm not sure how to use the logs that were created to diagnose the problem. I don't really want to open another ticket and bother anyone. Last time a crash occurred it was because of memory issues, so I upgraded memory and used eaccelerator. I don't want to have to keep upgrading RAM because this is supposed to be optimized for a VPS.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    This script logs data to the following location by default:

    Code:
    /root/system-snapshot
    The general idea is to look through the logs for the time when the problem occurred, and see if you notice anything that would help determine the cause of the problem.

    Thank you.
     
  3. DreamPhysix

    DreamPhysix Well-Known Member

    One of the things I noticed in "current" was that an Iranian IP was trying to access pop3 a lot. Obviously a script. Could this cause disk IO/high cpu usage?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    It's possible that a brute force attack, where a script is attempting several logins, could cause high disk IO or high CPU usage. You may want to install a third-party firewall (e.g. CSF, APF) to block the IP address in question.

    Thank you.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Please note that you could also enable cPHulk Brute Force Protection in WHM to block any IP that tries to excessively log into POP3 service on the machine if that user cannot successfully authenticate (so brute force attempts). This will only work if you are using dovecot, though, since courier does not currently have the option to log the IP for blocking under cPHulk Brute Force Protection. We are working on adding support for courier in the future (internal case 39736).

    You can check if you are using dovecot or courier in WHM > Mailserver Selection area.

    If the user is instead actually successfully logging into the POP3 service (a valid user), then you would instead want to use WHM > Mailserver Configuration and lower the "Maximum POP3 Connections per IP" field to a value that would restrict that user from excessively trying to log into the service. It is unlikely this was a successful login given you've mentioned a script, but I wanted to mention this for any user who reads this thread and does experience an actual successful login that is overloading the POP3 service from 1 IP.
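
The distinction drawn in the replies above (failed logins from one IP versus a valid user logging in excessively) can be checked from the mail log before choosing a mitigation. This is an added example, not part of the thread or of sys-snap.sh; the dovecot-style line format, the sample lines, the threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines. The dovecot-style wording is an assumption and
# varies between versions; adjust LINE_RE to match your own mail log.
SAMPLE_LOG = """\
Nov 17 03:12:01 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10
Nov 17 03:12:02 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10
Nov 17 03:12:03 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10
Nov 17 03:12:04 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10
Nov 17 03:12:05 host dovecot: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Nov 17 03:12:06 host dovecot: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Nov 17 03:12:07 host dovecot: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Nov 17 03:12:08 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<amy@example.com>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.10
Nov 17 03:12:09 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<x>, method=PLAIN, rip=203.0.113.99, lip=192.0.2.10
"""

# Only POP3 login events; "event" is the text between "pop3-login: " and the next colon.
LINE_RE = re.compile(r"pop3-login: (?P<event>[^:]+): .*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")

def tally(lines):
    """Count failed and successful POP3 login events per remote IP (one per log line)."""
    failed, ok = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other services (e.g. imap-login) and unrelated lines
        if "auth failed" in m.group("event"):
            failed[m.group("rip")] += 1
        elif m.group("event").startswith("Login"):
            ok[m.group("rip")] += 1
    return failed, ok

def triage(lines, threshold=3):
    """Map each noisy IP to the mitigation the thread suggests for its pattern."""
    failed, ok = tally(lines)
    report = {}
    for ip in set(failed) | set(ok):
        if failed[ip] >= threshold and ok[ip] == 0:
            report[ip] = "failed logins only: block at firewall or enable cPHulk"
        elif ok[ip] >= threshold:
            report[ip] = "valid logins: lower Maximum POP3 Connections per IP"
    return report

if __name__ == "__main__":
    for ip, advice in sorted(triage(SAMPLE_LOG.splitlines()).items()):
        print(ip, "->", advice)
```

The threshold of 3 only suits the small sample; on a real log, restrict the input to the window around the crash and raise it.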
     