Register | Sign In


Understanding through Discussion


EvC Forum active members: 64 (9164 total)
4 online now:
Newest Member: ChatGPT
Post Volume: Total: 916,742 Year: 3,999/9,624 Month: 870/974 Week: 197/286 Day: 4/109 Hour: 4/4


EvC Forum Board Administration Announcements

Recent Performance/Reliability Problems

Thread  Details

Email This Thread
Newer Topic | Older Topic
  
Author Topic:   Recent Performance/Reliability Problems
Admin
Director
Posts: 13029
From: EvC Forum
Joined: 06-14-2002
Member Rating: 2.1

Admin Posts Only
Message 1 of 4 (381629)
02-01-2007 11:30 AM

Hi Folks,
I've had to reboot the server a couple times lately. As near as I can tell the server is being brought to its knees by an overload of sendmail processes, about 2000 of them at any given time.
According to a help line person at our webhosting company, this is not an unusual number of sendmail processes, and I would agree with him if the sendmail processes resulted in email ending up in people's email boxes. But it isn't. My own box had the most email, and it only contained about 700 messages. The server is doing no spam filtering, so if the sendmail processes are for messages being sent to accounts on the server, then that email should be ending up in people's email boxes. It isn't.
So the question is, where are the sendmail processes coming from, and where is the email handled by these processes ending up? My suspicion is that our server has been somehow hijacked to send spam, and I'll be looking into this, but server issues are not my forte. I'm an applications architect and programmer, not an operating systems guru.
So I'm soliciting knowledgable opinions. If you think you can help please chime in.
AbE: I should add that the Online Now list is not working, and I'm pretty sure that's because the MySQL tables have been damaged by processes that died while the tables were being updated. I'll fix this tonight.
Also, the server's time is off by about hour. I'll fix that tonight, also.
Edited by Admin, : Provide additional information.
--Percy
EvC Forum Director
Replies to this message:
 Message 2 by iceage, posted 02-01-2007 11:39 AM Admin has replied
 Message 4 by Jazzns, posted 02-01-2007 12:44 PM Admin has not replied
  
iceage 
Suspended Member (Idle past 5940 days)
Posts: 1024
From: Pacific Northwest
Joined: 09-08-2003

iceage Posts Only
Message 2 of 4 (381632)
02-01-2007 11:39 AM 		Reply to: Message 1 by Admin
02-01-2007 11:30 AM

Percy writes:
2000 sendmail processes
Whoa that will put a load on your server. Perhaps you looked just as the queue was being processed.
At any rate I am curious do you get any financial support running this service?
This message is a reply to:
 Message 1 by Admin, posted 02-01-2007 11:30 AM Admin has replied
Replies to this message:
 Message 3 by Admin, posted 02-01-2007 12:12 PM iceage has not replied
  
Admin
Director
Posts: 13029
From: EvC Forum
Joined: 06-14-2002
Member Rating: 2.1

Admin Posts Only
Message 3 of 4 (381638)
02-01-2007 12:12 PM 		Reply to: Message 2 by iceage
02-01-2007 11:39 AM

iceage writes:
At any rate I am curious do you get any financial support running this service?
This question is asked every so often and is worth answering more than once as the previous answers become buried in old threads.
There's no advertising on the site, I neither solicit nor receive any donations, and none are necessary. This is a hobby I like very much, and one that isn't very expensive.
There's also the possibility for the hobby to become a business by selling the board software I've written for this site, in which case I should be paying you, because the users of the site are the proving ground for new software ideas.
But thoughts of selling the board software are on hold right now. My current project at my day job is taking up all of what used to be my spare time, and then some. Interestingly enough, this project is also for a new product, something I haven't done before. All my prior work has been architecting and implementing new features for existing software, or defining industry standards. This is the first time I've architected and implemented a new product from scratch.
--Percy
EvC Forum Director
This message is a reply to:
 Message 2 by iceage, posted 02-01-2007 11:39 AM iceage has not replied
  
Jazzns
Member (Idle past 3936 days)
Posts: 2657
From: A Better America
Joined: 07-23-2004

Jazzns Posts Only
Message 4 of 4 (381643)
02-01-2007 12:44 PM 		Reply to: Message 1 by Admin
02-01-2007 11:30 AM

Without more info I would suspect you are compromised. How easy this is to actually detect would depend on the sophistication of the suspected attacker. If they installed a good rootkit for example, it would be difficult to detect.
One thing to try would be to disable sendmail. If you can't or you seem to yet the situation doesn't change then it is likely that it is an attack and you are working as a zombie now.
The other thing to look for is disk space usage spikes. Are you quickly running out of space?
Backup your data and databases. If your hosting services provides system backups have them restore to the last time you knew everything was okay and make sure all your external services are as up to date as possible (apache, ssh, etc).
You can download and install a security scanner on your home computer called Nessus (free as in speech). If you can't find it on Google ask and I can try to recover the link from home. You can target the server with Nessus and it will basically pound on it for any known security vulnerability and give you a risk assessment. If you run it on any given windows box you will all of a sudden become a very paranoid person. =)
Of course, biblical creationists are committed to belief in God's written Word, the Bible, which forbids bearing false witness; --AIG (lest they forget)
This message is a reply to:
 Message 1 by Admin, posted 02-01-2007 11:30 AM Admin has not replied
  
Date format: mm-dd-yyyy
Timezone: ET (US)
  
Newer Topic | Older Topic
Jump to:


Copyright 2001-2023 by EvC Forum, All Rights Reserved

™ Version 4.2
Innovative software from Qwixotic © 2024