mpi

Well-Known Member
Mar 29, 2006
83
0
156
to kind of summarize everything that i "think" is going on...

i installed cacti, a few days later an exploit giving shell & mysql access came out for it...i didn't know...someone got into my box and ever since...apache is using almost every last meg of my memory...i have 8 gigs and only 1,500 apache connections are eating all of that up when it should be using only around 20% (average)....now keep in mind that this is only what i "think" is going on.

anyway, when i look at my "CPU/Memory/MySQL Usage" under cpanel....i see

username website.com 0.94(cpu) 113.45(memory) 6.8(mysql)

now looking at that....does that mean that w/e is eating up the memory is some script out of my /home/username/ folder? or can it still be server-wide?

other than that, how can i find out what is eating up all the memory?

if you have/know any info that might help, plz reply, i've been up for a very long time trying to figure this out and i'm veeeery tired.
 

mpi

hmm

i was thinking that apache connections wouldn't register to username so mysql came into mind and i just tried this...

httpd stop
service mysql stop
httpd start (note that i didn't turn on mysql)

i got to 1,500 connections and ram usage was around 10% so it seems like it has something to do with mysql.

how can i go about re-installing mysql? is there an easy way to do it w/ cpanel?

p.s. is there any way to fix this issue without re-installing? (i've never done it before and i don't want to have to risk creating new problems if i don't have to)
 

celliott

Well-Known Member
Jan 2, 2006
459
0
166
United Kingdom
You can reinstall MySQL using
# /scripts/mysqlup --force

Search around for something called MyTop and install that to help monitor the MySQL usage.
 

mpi

> You can reinstall MySQL using
> # /scripts/mysqlup --force
>
> Search around for something called MyTop and install that to help monitor the MySQL usage.

i downloaded and installed mytop, great tool

Code:
MySQL on localhost (4.1.21-standard)                                                                        up 1+12:37:42 [19:34:31]
 Queries: 5.6M   qps:   44 Slow:     8.0         Se/In/Up/De(%):    29/03/32/01 
             qps now:   30 Slow qps: 0.0  Threads:    4 (   1/   0) 29/02/30/02 
 Key Efficiency: 99.9%  Bps in/out: 17.7k/ 8.7k   Now in/out: 20.3k/44.4k

      Id      User         Host/IP         DB      Time    Cmd Query or State                                                       
      --      ----         -------         --      ----    --- ----------                                                           
 1011918 username       localhost	 database_name   0  Query show full processlist                                                
 1012090 username       localhost 	 database_name   2  Sleep                                                                      
 1010874 username       localhost 	 database_name  252  Sleep                                                                      
 1009547 username       localhost	  database_name 533  Sleep
i don't understand some of the values in there but overall it looks okay, no?

as far as mysql -force goes....

do i get to keep my current databases?
is it gonna be nice and clean or is it gonna give me problems since i'm using --force?
 

Nhojohl

Well-Known Member
Nov 28, 2006
100
0
166
You shouldn't have any problems with losing databases, as for the messiness.... it could be messy...
 

mpi

darnit

> You shouldn't have any problems with losing databases, as for the messiness.... it could be messy...

:(

...2 more problems just arose.....ssl has gone down and my host just sent me an email telling me that my ip sent out an email containing a virus...
 

mpi

i just caught this....WOW

Code:
top - 01:51:03 up 3 days,  5:41,  1 user,  load average: 55.29, 37.00, 16.49
Tasks: 2543 total,  19 running, 2524 sleeping,   0 stopped,   0 zombie
Cpu(s):  5.4% us, 94.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.2% hi,  0.0% si
Mem:   8312692k total,  8298652k used,    14040k free,     8828k buffers
Swap:  8421368k total,  1499324k used,  6922044k free,   745904k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                
20487 nobody    16   0 22156 8784 2900 S   28  0.1   0:00.57 httpd                                                                  
 5276 nobody    16   0 28256  12m 3212 R   24  0.2   0:04.81 httpd                                                                  
21787 nobody    16   0 28992  10m 2824 R   22  0.1   0:01.34 httpd                                                                  
 4955 nobody    15   0 28280  11m 2848 S   22  0.1   0:04.70 httpd                                                                  
18904 nobody    17   0 22844 8828 2836 R   21  0.1   0:00.90 httpd                                                                  
 4779 nobody    16   0 22276 8744 2864 S   19  0.1   0:02.64 httpd                                                                  
   74 root      16   0     0    0    0 R   18  0.0  60:36.88 kswapd0                                                                
26137 nobody    16   0 28088  13m 3212 S   18  0.2   0:04.31 httpd                                                                  
 4837 nobody    16   0 28088  11m 3300 R   17  0.1   0:11.02 httpd                                                                  
20599 nobody    16   0 27968  13m 2824 S   17  0.2   0:02.36 httpd                                                                  
18159 nobody    15   0 28120  14m 3336 S   15  0.2   0:02.97 httpd                                                                  
22031 nobody    18   0 22068 8800 2904 R   13  0.1   0:00.33 httpd                                                                  
22544 root      20   0  4780 2376  760 R   13  0.0   0:01.25 top                                                                    
 4560 nobody    16   0 22236 8840 2892 S   10  0.1   0:01.50 httpd                                                                  
20635 nobody    16   0 28088  11m 2844 R   10  0.1   0:01.92 httpd                                                                  
20934 nobody    15   0 27968  12m 2776 S    7  0.1   0:00.26 httpd                                                                  
20933 nobody    17   0 22328 8788 2816 R    6  0.1   0:01.26 httpd                                                                  
 4996 nobody    15   0 28120  13m 3332 S    6  0.2   0:03.19 httpd                                                                  
 2657 mysql     15   0  134m  22m 2156 S    4  0.3  91:41.41 mysqld                                                                 
 6313 nobody    15   0 28088  12m 3216 S    4  0.2   0:03.51 httpd                                                                  
20445 nobody    15   0 27968  11m 2816 S    3  0.1   0:01.90 httpd                                                                  
10561 nobody    16   0 22964 9572 3304 S    1  0.1   0:02.38 httpd                                                                  
21004 nobody    15   0 22844 8936 2820 S    1  0.1   0:00.04 httpd                                                                  
 2839 root      15   0     0    0    0 S    1  0.0   0:19.49 kjournald                                                              
 4734 root      16   0  232m 2492 1472 S    1  0.0   3:38.10 dsm_sa_datamgr3                                                        
 4867 nobody    16   0 28560  13m 2872 S    1  0.2   0:02.31 httpd                                                                  
 5245 nobody    15   0 22220 9176 3244 S    1  0.1   0:02.95 httpd                                                                  
 5920 nobody    15   0 22220 9232 3236 S    1  0.1   0:02.52 httpd                                                                  
 7384 nobody    15   0 22448 9296 3212 R    1  0.1   0:02.44 httpd                                                                  
 7850 nobody    15   0 28088  13m 2844 S    1  0.2   0:02.47 httpd                                                                  
 7899 nobody    15   0 28088  11m 2848 S    1  0.1   0:04.50 httpd                                                                  
12654 nobody    16   0 22996 9528 3236 S    1  0.1   0:02.60 httpd                                                                  
14875 nobody    16   0 22276 9248 3240 S    1  0.1   0:02.79 httpd                                                                  
19701 nobody    15   0 28088  12m 2848 S    1  0.2   0:05.18 httpd                                                                  
20702 nobody    16   0 22964 9432 3308 S    1  0.1   0:04.01 httpd                                                                  
20742 nobody    15   0 22188 8776 2844 S    1  0.1   0:02.86 httpd                                                                  
30513 nobody    16   0 22308 9260 3236 S    1  0.1   0:01.94 httpd                                                                  
12111 nobody    15   0 22188 8864 2840 S    1  0.1   0:01.08 httpd                                                                  
24346 nobody    16   0 23028 9448 3216 S    1  0.1   0:02.29 httpd
i could barely ssh into the machine...looks like i caught it right before it was about to crash...i just immediately stopped apache.

any ideas?
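
Added example, not part of the original thread: in the `top` snapshot above each `httpd` row shows only 0.1-0.2 %MEM, so the per-process view hides where the memory goes; summing resident memory per user and command makes the aggregate visible. The sample rows are constructed from RES values in that snapshot (converted to KiB), and `summarize_rss` and `sample_ps` are hypothetical names.

```shell
#!/bin/sh
# Added example: total resident memory per (user, command).
# Input: the columns of `ps -eo user,rss,comm` (RSS in KiB); a header line is skipped.

summarize_rss() {
    # Prints "user command process_count total_rss_kib", largest total first.
    awk '
        $2 ~ /^[0-9]+$/ {            # ignore the header and malformed lines
            key = $1 " " $3
            count[key]++
            rss[key] += $2
        }
        END {
            for (k in count) printf "%s %d %d\n", k, count[k], rss[k]
        }
    ' | sort -k4,4nr
}

# Constructed sample: a few rows taken from the top output in the post
# (8784, 12m, 10m for httpd; 22m for mysqld; 2376 for top).
sample_ps() {
    cat <<'EOF'
USER RSS COMMAND
nobody 8784 httpd
nobody 12288 httpd
nobody 10240 httpd
root 0 kswapd0
mysql 22528 mysqld
root 2376 top
EOF
}

# On a live box: ps -eo user,rss,comm | summarize_rss | head
sample_ps | summarize_rss
```

RSS counts shared pages once per process, so the per-command total overstates real usage; compare it against the process count and the `Mem:`/`Swap:` lines rather than treating it as exact.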
 

mpi

> You can reinstall MySQL using
> # /scripts/mysqlup --force
>
> Search around for something called MyTop and install that to help monitor the MySQL usage.

successfully re-installed mysql but memory usage is still high.

the system is still recognizing 8 gigs...but can it be that one of the memory chips actually went bad?
 

mpi

Wow

i don't friggin believe this.

took me 2 weeks to figure out ONE line of code that was causing this issue.

all downloads were being forced to be transferred at the speed of 5megs/sec.

i'm soooo dumb.