Sponsor:
Server and Web Integrator
Link:
6.5.0
or
7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR
is open-source.
Donate and or Sponsorship always welcome.
Click to:
Donate...
MRatWork
Forum
Please
login
or
register
.
2017-11-07, 17:38:17
Home
Help
Search
Calendar
Login
Register
MRatWork Forum by Mustafa Ramadhan
»
Sawo Project - Kloxo-MR Discussions
»
Kloxo-MR Technical Helps
»
LOAD WARNING Question
« previous
next »
Print
Pages: [
1
]
2
Go Down
Author
Topic: LOAD WARNING Question (Read 4436 times)
0 Members and 1 Guest are viewing this topic.
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
LOAD WARNING Question
«
on:
2014-12-02, 09:08:38 »
Hey guys,
I consistently get load warnings from my slave server in the middle of the night from about 12am to 4am every 5 minutes. Being in the middle of the night makes me think that it could be penetration attempts (or successes). I only use this server as a MySQL server. Does anyone have any advice or a way I can see what is triggering the load warnings?
Logged
MRatWork
Administrator
The Elite
Posts: 15,381
Karma: +112/-9
Gender:
Re: LOAD WARNING Question
«
Reply #1 on:
2014-12-02, 19:55:05 »
Possible wrong detect for mysql service. Original Kloxo/Kloxo-MR 6.5.0 detecting port 553 for mysql service but possible wrong because mysql running via socket.
Solution, update to 7.0.0 or remove 'mysql' for 'service list' in panel.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #2 on:
2014-12-02, 20:15:18 »
I'm not sure I understand. Don't I need MySQL? It's the only service I'm using on that server. I use the Master for web and mail.
Logged
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #3 on:
2014-12-02, 20:38:36 »
Also, for what it is worth during the times I can hardly get into the admin or even ssh. Everything just times out.
Logged
MRatWork
Administrator
The Elite
Posts: 15,381
Karma: +112/-9
Gender:
Re: LOAD WARNING Question
«
Reply #4 on:
2014-12-02, 20:50:47 »
I am wrong about "'service list' in panel." but go to watchdog and click mysql.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #5 on:
2014-12-02, 21:14:45 »
ok, but something is keeping from being able to access the server when it is receiving the load warnings. I can't access the admin or SSH until they are over.
Logged
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #6 on:
2014-12-13, 18:11:23 »
I wanted to cirecle back to this as I have been looking through my servers quite a bit. I have noticed that every site on a server has been compromised and has 3 directories added with links to malicious sites. I have also noticed that many of the sites are now blocked by google. It appears that they have successfully uploaded a shell. Is there anyway to determine how they were able to get in?
Logged
MRatWork
Administrator
The Elite
Posts: 15,381
Karma: +112/-9
Gender:
Re: LOAD WARNING Question
«
Reply #7 on:
2014-12-13, 21:53:26 »
Try using maildet to find out 'bad' php code.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
chrisf
Senior Master
Posts: 883
Karma: +11/-1
Gender:
Be the change that you wish to see in the world.
Re: LOAD WARNING Question
«
Reply #8 on:
2014-12-14, 17:44:15 »
Install my sendmail wrapper, limit the amount of outgoing php mail to 50 or so an hour. You can normally catch a problem within an hour as it sends an over report if you want. It also lets you know the working directory of the script sending mail.
Logged
Christopher
Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer:
https://convictionshosting.com
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #9 on:
2014-12-27, 19:25:12 »
Chris, Could you explain a little more please. Every site on one server is being hacked and the other one is now constantly sending load warnings. Furthermore, the IP addresses they are on are now blacklisted by several spam servers. How can I secure the servers?
Logged
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #10 on:
2014-12-27, 19:31:47 »
Also, I have 3 servers with Kloxo and at least two of them get this alert from Maldet.
malware detect scan report for bighost2.bigdigi.net:
SCAN ID: 122714-1912.20336
TIME: Dec 27 19:28:57 -0600
PATH: /home
TOTAL FILES: 226071
TOTAL HITS: 1
TOTAL CLEANED: 1
CLEANED & RESTORED FILES:
/home/kloxo/httpd/installapp/gbook/gbook15.zip
FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.15 : /home/kloxo/httpd/installapp/gbook/gbook15.zip => /usr/local/maldetect/quarantine/gbook15.zip.12680
Logged
MRatWork
Administrator
The Elite
Posts: 15,381
Karma: +112/-9
Gender:
Re: LOAD WARNING Question
«
Reply #11 on:
2014-12-27, 21:01:54 »
Hi, don't use InstallApp because apps too old.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #12 on:
2014-12-27, 21:36:10 »
I don't use it. Should I remove it completely? How do I remove it?
Logged
MRatWork
Administrator
The Elite
Posts: 15,381
Karma: +112/-9
Gender:
Re: LOAD WARNING Question
«
Reply #13 on:
2014-12-27, 23:04:22 »
Rename or delete '/home/kloxo/httpd/installapp' dir.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
bigdigillc
Senior Member
Posts: 155
Karma: +1/-0
Re: LOAD WARNING Question
«
Reply #14 on:
2014-12-30, 17:23:13 »
Go it, Thanks. Is there anyway to monitor which sites or clients are causing the load warnings?
Logged
Print
Pages: [
1
]
2
Go Up
« previous
next »
MRatWork Forum by Mustafa Ramadhan
»
Sawo Project - Kloxo-MR Discussions
»
Kloxo-MR Technical Helps
»
LOAD WARNING Question
MRatWork Affiliates:
BIGRAF(R) Inc.
House of LMAR
EFARgrafix
..::
Monetize Your Website with ylliXmedia
::..
..::
Online Advertising that Sale Anything with ylliXmedia
::..
Design By SMFSimple.com
SMF 2.0.14
|
SMF © 2017
,
Simple Machines
Page created in 0.039 seconds with 17 queries.