The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Xinetd causing High CPU usage

Discussion in 'General Discussion' started by djoverho, Dec 19, 2003.

  1. djoverho

    djoverho Active Member

    Joined:
    Feb 19, 2002
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    WV
    Hi, I was wondering if anyone know what would cause Xinetd to have extremely high cpu usage? We started to get some DOS attacks the past couple days so we installed the APF firewall per the instructions we found in the forum and everything we to normal and it was working great for about 10 -15 min and then IMAP stopped and then Apache stopped as well....we looked in cpu usage and it was xinetd that was causing the problem:
    xinetd-stayalive-pidfile/var/run/xinetd.pid
    we couldnt find the problem with IMAP so we just disable that but we are still getting that xinetd message with the cpu just climbing up. We did turn the firewall off by the way and that didnt seem to help nor did rebooting the server...anyone have any ideas....here is what we get from Top and we are running
    WHM 8.5.1 cPanel 8.5.3-S3
    RedHat - WHM X v2.1.1

    9637 root 19 0 784 784 644 R 93.8 0.0 0:33 0 xinetd
    7611 root 9 0 5016 5016 3072 S 0.9 0.4 0:16 0 httpd
    6 root 9 0 0 0 0 SW 0.7 0.0 0:23 0 kscand
    696 root 9 0 448 352 212 S 0.1 0.0 0:00 0 sshd
    1107 root 11 0 3508 3508 1792 S 0.1 0.3 0:00 0 cpaneld
    8855 root 9 0 928 928 772 R 0.1 0.0 0:01 0 pure-ftpd
    9073 root 10 0 1156 1156 804 R 0.1 0.1 0:01 0 top
    1 root 8 0 132 112 80 S 0.0 0.0 0:03 0 init
    2 root 8 0 0 0 0 SW 0.0 0.0 0:00 0 keventd
    3 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kapmd
    4 root 19 19 0 0 0 SWN 0.0 0.0 0:02 0 ksoftirqd_CPU0
    5 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kswapd
    7 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 bdflush
    8 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kupdated
    9 root 18446744073709551615 -20 0 0 0 SW< 0.0 0.0 0:00 0 mdrecoveryd
    13 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    68 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 khubd
    207 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    208 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    209 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    210 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    211 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    310 root 9 0 288 72 68 S 0.0 0.0 0:00 0 bash
    437 root 9 0 0 0 0 SW 0.0 0.0 0:00 0 eth0
    644 root 9 0 232 196 148 S 0.0 0.0 0:00 0 syslogd
    648 root 9 0 172 156 116 S 0.0 0.0 0:00 0 klogd
    682 named 9 0 3624 3216 1140 S 0.0 0.3 0:01 0 named
    717 root 9 0 904 812 616 S 0.0 0.0 0:00 0 antirelayd
    727 root 8 0 2288 1340 860 S 0.0 0.1 0:00 0 chkservd
     
  2. phantom

    phantom Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    I'm djoverho's partner/brother. I wanted to post the messages log.

    Dec 19 16:14:50 galaxy xinetd: xinetd shutdown failed
    Dec 19 16:14:50 galaxy xinetd[24941]: Server in.qpopper is not executable [line=8]
    Dec 19 16:14:50 galaxy xinetd[24941]: Error parsing attribute server - DISABLING SERVICE [line=8]
    Dec 19 16:14:50 galaxy xinetd[24941]: missing service keyword [line=1]
    Dec 19 16:14:53 galaxy xinetd: xinetd startup succeeded
    Dec 19 16:17:57 galaxy kernel: ** SSH ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=68.200.55.101 DST=66.111.37.80 LEN=48 TOS=0x04 PREC=0x00 TTL=48 ID=8457 DF PROTO=TCP SPT=1150 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
    Dec 19 16:17:57 galaxy sshd(pam_unix)[25069]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=101-55.200-68.tampabay.rr.com user=root
    Dec 19 16:18:00 galaxy sshd(pam_unix)[25069]: session opened for user root by (uid=0)
    Dec 19 16:18:20 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.80 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=53062 PROTO=UDP SPT=3637 DPT=1026 LEN=612
    Dec 19 16:18:21 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.80 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=53616 PROTO=UDP SPT=3637 DPT=1027 LEN=612
    Dec 19 16:18:23 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.80 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=54151 PROTO=UDP SPT=3637 DPT=1028 LEN=612
    Dec 19 16:18:24 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.80 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=54815 PROTO=UDP SPT=3637 DPT=1029 LEN=612
    Dec 19 16:18:26 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.81 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=55347 PROTO=UDP SPT=3637 DPT=1026 LEN=612
    Dec 19 16:18:27 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.81 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=55923 PROTO=UDP SPT=3637 DPT=1027 LEN=612
    Dec 19 16:18:29 galaxy kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:08:a1:1a:4b:ef:00:0b:5f:57:dd:80:08:00 SRC=220.249.41.204 DST=66.111.37.81 LEN=632 TOS=0x00 PREC=0x00 TTL=111 ID=56488 PROTO=UDP SPT=3637 DPT=1028 LEN=612

    Any ideas?
     
  3. phantom

    phantom Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    We have 2 servers now with IMAP failing. It's happening when cpanel updates. Anybody know how to fix this?
     
Loading...

Share This Page