I have a RH9 server and the server keeps crashing. There are no Kernel panics that I can see since the kernel log never gets created when it crashes. However in the messages log I see tons of wierd activity. There are a lot of attempted hacks going on and every time the server dies the last few entries in the messages log and there are a bunch but they look like this.

Oct 12 18:09:43 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 12 18:19:08 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Oct 12 18:19:10 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 12 18:27:59 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Oct 12 18:28:00 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 12 18:38:51 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Oct 12 18:38:52 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 12 18:47:24 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Oct 12 18:47:26 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 12 18:56:43 ns1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Oct 12 18:56:44 ns1 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 12 21:32:17 ns1 syslogd 1.4.1: restart.


The FTP logins happen like this for pages and pages and you can see the last entry before the restart is always a logout.

I just switched to the prue-ftpd last night to see if that stopped it but obviously not since it was doing the same thing with proftpd. What would be causing these connections from local host???

Also when running "top" nothing out of the ordinary is happening when the server locks. I will get a screen shot the next time it happens.

I'm trying to get SB to update to Kernel 2.6xx what ever the latest version is since up2date only grabes 2.4 something.

Is there anyone that can help?? Where else could I look for problems without being in front of the terminal to see whats happening there?? I know some Linux but really just enough to get me in trouble.

Oh a couple more things... SB replaced the MB, RAM, Processor and NIC to try and eliminate the problem.

the server is RH9
Linux ns1.hostbulb.com 2.4.20-31.9 #1 Tue Apr 13 17:38:16 EDT 2004 i686 athlon i386 GNU/Linux

I do have a couple very busy sites on the box but not enough to bring it to its knee's I wouldn't think.


Thanks in advance for any help you can provide me with.
Mike

Here's what SB said.. :(


Subject:
Hello,

If you stroll through /var/log/messages you will find a number of
issues. One of which is xinetd constantly complaining about
non-accessible binaries being called in its configs, specifically for
'talk', 'telnet', and 'ntalk'.. all 3 of those in /etc/xinetd.d/ have no
path on line 8 of the file before the binary, so I assume that's the
problem (shouldn't be 'in.ntalkd', should be '/sbin/in.ntalkd' or
wherever it is). These may or may not be related to the 'crashes' you're
experiencing.

Also, there are a lot of errors related to portsentry; it is possible
those are related to this as well, but not neccessarily.

I can find no logs however that point at a hardware problem. I would
suggest starting by fixing the problems with portsentry (which I've
never seen have errors like this on a cPanel box, so I assume you
installed/modified portsentry) and your xinetd.d entries that I assume
you added as those also I don't recall as being standard. As they're not
standard, I wouldn't feel comfortable modifying them, nor is it really
supported.

I took the liberty of installing the 'sysstat' RPM on your server, which
includes a backend cronjob and a client called 'sar', which basically
runs every few minutes and pulls a snapshop of your system state (CPU,
RAM, HD usage, etc); perhaps if the problem continues looking at the
last entry in sar prior to the crash might shed some light on what's
going on.

If the issue continues, please let us know, but at present I can find no
logs specifically causing issues nor has it crashed while I was on or
any time in the past number of hours.



I wouldn't have the first clue about how to modify the stuff they said I did basically if I can't do it through whm or simple cpanel scripts then it hasn't been done. And really have not changed anything there either.

Can anyone point me in the right direction?? :bang:

I would look into hiring a server administrator to manage your server. Good Luck
~Tim

Originally posted by canislupusyo
I would look into hiring a server administrator to manage your server. Good Luck
~Tim

Thanks for the help... :thanks: