Having issues on my Centos / cpanel box.
Code:
root@server [~]# ps -auxf |grep httpd
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
root 21816 0.0 0.0 4756 724 pts/1 S+ 14:05 0:00 \_ grep httpd
root 19702 0.0 0.3 46800 14580 ? SNs 13:53 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root 19709 0.0 0.1 22804 7784 ? SN 13:53 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 20418 0.6 0.4 48184 18908 ? SN 14:01 0:01 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 20420 0.2 0.4 48292 17792 ? SN 14:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 20427 0.3 0.4 48296 18192 ? SN 14:01 0:01 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21663 0.6 0.5 48728 21880 ? SN 14:02 0:01 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21667 0.2 0.4 48216 19304 ? SN 14:02 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21668 0.1 0.3 47828 15048 ? SN 14:02 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21669 0.4 0.4 48208 17756 ? SN 14:02 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21674 0.1 0.3 47948 15904 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21686 0.4 0.5 48548 21208 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21688 0.1 0.3 47824 15028 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21689 0.4 0.5 48604 21996 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21701 0.2 0.3 47824 15036 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21702 0.3 0.4 48092 17732 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21703 0.2 0.3 47824 15520 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21704 0.2 0.3 47908 15340 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21705 0.5 0.4 48052 18624 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21707 0.1 0.3 47824 15036 ? SN 14:03 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21724 0.6 0.3 47824 15400 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21732 0.1 0.3 47824 15396 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21733 0.1 0.3 47832 15380 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21736 0.1 0.3 47824 15028 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21738 0.1 0.3 47824 15380 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21739 0.5 0.4 48320 19424 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21740 1.2 0.4 48532 20252 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21741 0.2 0.5 51992 22108 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21742 0.6 0.3 47832 15384 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21743 0.1 0.3 47824 15020 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21744 1.1 0.3 47824 15352 ? SN 14:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21805 0.8 0.4 48312 17692 ? SN 14:05 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 21814 0.2 0.3 47824 14932 ? SN 14:05 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
Code:
root@server [~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
14 84.254.189.64
8 76.229.163.66
5 74.6.18.251
4 80.248.176.136
4 24.106.187.61
4 216.215.213.86
4 213.42.21.61
4 208.27.123.54
4
3 89.231.204.143
3 68.155.200.108
3 200.201.164.26
3 192.156.52.34
3 166.102.162.250
2 89.111.228.127
2 88.89.134.212
2 87.14.100.98
2 79.72.133.105
2 74.6.22.125
2 72.189.166.163
2 71.72.140.14
2 68.16.225.194
2 67.195.37.94
2 65.80.23.104
2 63.64.53.2
2 63.240.134.230
2 205.178.190.97
2 202.1.192.10
1 servers)
1 Address
1 98.211.4.230
1 98.20.163.65
1 89.108.2.162
root@server [~]# wc -l /proc/net/ip_conntrack
wc: /proc/net/ip_conntrack: No space left on device
1878 /proc/net/ip_conntrack
Code:
root@server [~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 273G 60G 200G 23% /
/dev/sda1 99M 51M 43M 55% /boot
none 2.0G 0 2.0G 0% /dev/shm
/dev/sdb1 276G 59G 203G 23% /backup
/usr/tmpDSK 2.5G 43M 2.3G 2% /tmp
/tmp 2.5G 43M 2.3G 2% /var/tmp
Code:
root@server [~]# tail -f /var/log/messages
Jun 11 14:09:35 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:12:3f:20:e0:e8:00:14:f2:c7:f1:80:08:00 SRC=97.102.167.110 DST=147.202.66.19 LEN=80 TOS=0x00 PREC=0x00 TTL=114 ID=2369 PROTO=UDP SPT=500 DPT=500 LEN=60
Jun 11 14:09:39 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:12:3f:20:e0:e8:00:14:f2:c7:f1:80:08:00 SRC=97.102.167.110 DST=147.202.66.19 LEN=80 TOS=0x00 PREC=0x00 TTL=114 ID=2418 PROTO=UDP SPT=500 DPT=500 LEN=60
Jun 11 14:09:40 server kernel: printk: 150 messages suppressed.
Jun 11 14:09:40 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:09:45 server kernel: printk: 151 messages suppressed.
Jun 11 14:09:45 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:09:50 server kernel: printk: 119 messages suppressed.
Jun 11 14:09:50 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:09:55 server kernel: printk: 163 messages suppressed.
Jun 11 14:09:55 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:10:00 server kernel: printk: 124 messages suppressed.
Jun 11 14:10:00 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:10:05 server kernel: printk: 168 messages suppressed.
Jun 11 14:10:05 server kernel: ip_conntrack: table full, dropping packet.
root@server [~]# uname -a
Linux server.domain.com 2.6.9-67.0.15.ELsmp #1 SMP Thu May 8 10:52:19 EDT 2008 i686 i686 i386 GNU/Linux
root@server [~]# wc -l /proc/net/ip_conntrack
wc: /proc/net/ip_conntrack: No space left on device
1883 /proc/net/ip_conntrack
root@server [~]# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 75000