LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-29-2009, 11:20 AM   #1
glt
Member
 
Registered: Aug 2003
Distribution: RedHat
Posts: 39

Rep: Reputation: 15
vsftpd starting large numbers of sub-processes


Hi,

We have been running a vsftpd daemon on our
server for several years without problems.
In the last few days the vsftpd has started firing
up mulitple sub-processes. This results in large
amounts of traffic on our network. No configuration
changes have been made to the server in many months.

1) Is this a DOS or a problem with vsftpd
2) Can I prevent this from recurring?

Env:
Redhat Linux Release 9
2.4.20-30.9
Yes. Its way old! Nothing I can do about that.

Cheers,
Geoff
 
Old 04-29-2009, 10:58 PM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Can you see from the logs what those processes are doing? Tie them to connection recs in /var/log/messages? Try getting the firewall to log connections to that port (21). That should show you if you're getting hammered by script kiddies/botnets.
Just to point out that anything that old is ripe for exploits ie hasn't had a security update in years ... maybe this will turn out to be the requirement you can take to the boss to justify running a current system.
 
Old 04-30-2009, 01:41 AM   #3
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
You can just get to know who are logged into the server from ps aux output. Just see if those are legitimate users.

You can also look out for any source IP generating a large number of request to your server.

# netstat -antp

Just check for "foreign address" column. Is any particular IP having too many connections?

Regards
 
Old 04-30-2009, 09:06 AM   #4
glt
Member
 
Registered: Aug 2003
Distribution: RedHat
Posts: 39

Original Poster
Rep: Reputation: 15
Hi guys,

Thanks for the replies.
Well. The server is a public Anonymous ftp server.
It is common for it to get requests from IPs all
over the world. To answer suhas!'s question:
yes some of the IPs generate way too many connections
>10 in some cases. Is there a vsftpd.config entry
to limit the number of concurrent connections from
one IP?

Cheers,
Geoff
 
Old 04-30-2009, 10:12 AM   #5
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
You can use max_per_ip directive in vsftpd.conf.

Reference : http://www.cyberciti.biz/faq/howto-l...d-connections/

Please let us know if it helps

Regards.
 
Old 04-30-2009, 11:33 AM   #6
glt
Member
 
Registered: Aug 2003
Distribution: RedHat
Posts: 39

Original Poster
Rep: Reputation: 15
Hi guys.

That's perfect! Thanks!

Cheers,
Geoff
 
  


Reply

Tags
vsftpd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Copying large numbers of files dman65 Linux - General 8 02-26-2009 07:32 PM
Knoppix on CD, Upon starting I get large menu with large text & blank submenus samdaria Linux - Newbie 1 06-06-2008 09:59 PM
Best way to organize large numbers of files. dman65 Linux - General 4 03-12-2008 07:42 PM
Assigning large numbers of IPv6 addresses jack_sprat Linux - Networking 0 10-02-2007 10:04 AM


All times are GMT -5. The time now is 06:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration