Discussion in 'Plesk for Linux - 8.x and Older' started by ferrisr, Jan 25, 2005.
Ever since I upgraded, Plesk on port 8443 is deadly slow... any ideas why?
Also, the load average is over 20, and there are over 100 apache zombie processes. Hundreds of defunct httpds, shes from apache user, and stuff... what is going on?
It's a bug, should be fixed with 7.5.2 (whenever they get around to releasing it). The Admin panel is checking the rpm versions of all your server software before loading the page, instead of only checking when you ask it to.
Ahh, ok. Found the slow + load average problem. One of my customers had one of the buggy phpBB versions. I checked the error logs and saw it downloading a perl bot to /tmp. I read the comment on it and it said what it was!
I suggest either disabling that user's domain until they upgrade their phpBB, mounting /tmp on its own partition with noexec, mass-patching the viewtopic.php file, and/or installing mod_security on your server. mod_security is of course one of the better ways to go, as it will patch several things going on with php right now... cross scripting, the bb exploit, so on and so forth.

The Process Resource Monitor I was mentioning has a step-by-step at the Ev1 forum (http://forum.ev1servers.net/showthread.php?s=&threadid=25376)

eth0 from the Ev1 forum also has several "How-Tos" on his site... most notably are:

mod_security: http://eth0.us/?q=node/17
PHP Security (quick fix): http://eth0.us/?q=node/22
Securing tmp directory: http://eth0.us/?q=node/11

There's some other stuff there too, but these are the basics you should look into.

Also, on a side-note... look into a yum upgrade of PHP... atomicrocketturtle keeps pretty up to date on the archives he offers, and puts them through some pretty rigorous testing before making them "public stable"... upgrading your server's php to 4.3.10 (not the Plesk php, but the server PHP) might also help to prevent some of the exploits that are happening on your server.

Also look into rkhunter... what's happening now can count as a server compromise, and could be more serious than it initially looks. Check over your server to make sure that all that has happened is a few files getting downloaded into tmp.
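A way to verify the "/tmp on its own partition with noexec" suggestion above, as an added example that is not part of any post in this thread. It goes beyond the post by also checking nosuid and two other world-writable directories (/var/tmp, /dev/shm), which are assumptions; the function names and the sample mount table are constructed.

```shell
# Audit temp-directory mount options from a /proc/mounts-style table (added example).

# mount_opts TABLE MOUNTPOINT -> options of the last mount on MOUNTPOINT
# (the last entry is the one in effect); prints nothing if it is not a mount point.
mount_opts() {
    awk -v mp="$2" '$2 == mp { opts = $4 } END { if (opts != "") print opts }' "$1"
}

# has_opt OPTS NAME -> success if NAME is one of the comma-separated options
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# check_tmp_mount TABLE MOUNTPOINT -> prints one status word:
#   ok           separate mount with noexec and nosuid
#   exec         separate mount, but files on it can be executed
#   suid         noexec is set, nosuid is missing
#   not-mounted  directory lives on its parent filesystem
check_tmp_mount() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then echo "not-mounted"
    elif ! has_opt "$opts" noexec; then echo "exec"
    elif ! has_opt "$opts" nosuid; then echo "suid"
    else echo "ok"
    fi
}

# audit_tmp TABLE -> one report line per directory;
# returns non-zero if any of them is not "ok"
audit_tmp() {
    rc=0
    for mp in /tmp /var/tmp /dev/shm; do
        st=$(check_tmp_mount "$1" "$mp")
        printf '%-10s %s\n' "$mp" "$st"
        [ "$st" = "ok" ] || rc=1
    done
    return $rc
}

# Constructed sample table (not from a real server).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
audit_tmp "$SAMPLE" || echo "one or more temp directories still allow execution"
```

On a live server, call `audit_tmp /proc/mounts` instead of the sample table.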
Thanks. I will look into mod security. My server is running apache 2.0.52 and php 5.0.2, which I installed myself.
Plesk? No... not exactly. Atomicrocketturtle released an updated version of phpbb for the Application Vault a month or two before the exploit was announced... you can get the update from his website in the yum repository. I'm hoping that when they release the patch for 7.5.2, they take the time to include updated applications for the vault.
How can I tell Plesk to block all ports under port 1024 except port 21 and port 80?