Hello

There ia a perl scrip that uses 80% of the cpu.

top:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

28917 apache 25 0 5496 3036 1288 R 49.3 0.3 44:26.88 perl

How can i find the command?
Can i disable perl?
Where can i find guidlines of optimizing the php.ini file?

Thank you

Originally posted by kvoul
Where can i find guidlines of optimizing the php.ini file?

There's not much optimizing you CAN do in php.ini - and what the heck does php.ini have to do with Perl? You've got yourself one really weird server if it does.

And you probably CAN disable perl, however it's a probably a very bad idea to do so.

This is most likely a perl program running as a cgi.

It's probably stuck.

Restarting httpd may resolve the problem.

Jeff

I did it
No luck

It comes back. How can i find the script that causes the problem???

Thank you

I stopped httpd but the perl commands (5 of them with 15% cpu usage each other) were still there. What could be the reason???

kill the processes or reboot

possible you had an error by trying something
especially using copy paste ...

how di i kill these processes? (i am newbie)

Also i have rebooted the system 3 times. After some time f* perl processes comes back

top:

top - 23:39:55 up 1 day, 6:18, 1 user, load average: 17.93, 18.71, 18.92
Tasks: 204 total, 15 running, 188 sleeping, 0 stopped, 1 zombie
Cpu(s): 69.8% us, 24.6% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 5.6% si
Mem: 906636k total, 898120k used, 8516k free, 2656k buffers
Swap: 2000084k total, 1460k used, 1998624k free, 357796k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
18133 apache 15 0 37316 24m 2872 S 9.6 2.7 1:33.61 httpd
29627 apache 25 0 6136 3624 1276 R 8.3 0.4 35:50.25 perl
4342 apache 25 0 6564 3804 1360 R 6.6 0.4 21:16.49 perl
11787 apache 25 0 6136 3664 1316 S 6.6 0.4 34:27.07 perl
15109 apache 25 0 6140 3628 1276 R 6.6 0.4 33:59.65 perl
21862 apache 25 0 6136 3672 1316 R 6.6 0.4 51:36.92 perl
26344 apache 25 0 3548 1920 1344 R 6.6 0.2 1:29.42 perl
26760 apache 25 0 6264 3672 1320 R 6.6 0.4 313:58.82 perl
28917 apache 25 0 5496 2476 1288 R 6.6 0.3 517:42.30 perl
30456 apache 25 0 6012 3324 1464 R 6.6 0.4 22:19.09 perl
22105 apache 25 0 6140 3620 1276 R 6.3 0.4 15:42.87 perl
10781 mysql 18 0 53556 33m 1888 D 5.3 3.8 0:03.83 mysqld
2054 mysql 25 0 53556 33m 1888 R 3.0 3.8 4:53.11 mysqld

you have a zombie process
see if your comp is not infected or have a bad script running

check all or let check by professionnal like https://support.acunett.com/

What you mean by "check all"?

How can i kill a zobie process??

You can't kill a zombie process. I found this explanation on the 'net:

A zombie process doesn't react to signals because it's not really a process at all- it's just what's left over after it died. What's supposed to happen is that its parent process was to issue a "wait()" to collect the information about its exit. If the parent doesn't (programming error or just bad programming), you get a zombie. The zombie will go away if its parent dies- it will be "adopted" by init which will do the wait()- so if you see one hanging about, check its parent; if it is init, it will be gone soon, if not the only recourse is to kill the parent..which you may or may not want to do.

Restarting the parent will most likely kill all zombie processes.

To kill other processes:

# kill <pid> where <pid> is the process number of the process you want to kill. It's in the first column of the example you posted.

The above command will tell the process to kill itself. If that doesn't work you can tell linux to kill the process with:

# kill -9 <pid>
Note that you don't type the #. It's there to tell you that you issue the command as root. If the line started with $ you could issue the command as either root or an unprivileged user.

Jeff

Originally posted by kvoul
how di i kill these processes? (i am newbie)

Also i have rebooted the system 3 times. After some time f* perl processes comes back

top:

top - 23:39:55 up 1 day, 6:18, 1 user, load average: 17.93, 18.71, 18.92
Tasks: 204 total, 15 running, 188 sleeping, 0 stopped, 1 zombie
Cpu(s): 69.8% us, 24.6% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 5.6% si
Mem: 906636k total, 898120k used, 8516k free, 2656k buffers
Swap: 2000084k total, 1460k used, 1998624k free, 357796k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
18133 apache 15 0 37316 24m 2872 S 9.6 2.7 1:33.61 httpd
29627 apache 25 0 6136 3624 1276 R 8.3 0.4 35:50.25 perl
4342 apache 25 0 6564 3804 1360 R 6.6 0.4 21:16.49 perl
11787 apache 25 0 6136 3664 1316 S 6.6 0.4 34:27.07 perl
15109 apache 25 0 6140 3628 1276 R 6.6 0.4 33:59.65 perl
21862 apache 25 0 6136 3672 1316 R 6.6 0.4 51:36.92 perl
26344 apache 25 0 3548 1920 1344 R 6.6 0.2 1:29.42 perl
26760 apache 25 0 6264 3672 1320 R 6.6 0.4 313:58.82 perl
28917 apache 25 0 5496 2476 1288 R 6.6 0.3 517:42.30 perl
30456 apache 25 0 6012 3324 1464 R 6.6 0.4 22:19.09 perl
22105 apache 25 0 6140 3620 1276 R 6.3 0.4 15:42.87 perl
10781 mysql 18 0 53556 33m 1888 D 5.3 3.8 0:03.83 mysqld
2054 mysql 25 0 53556 33m 1888 R 3.0 3.8 4:53.11 mysqld

Ouch,, you need Nobody Check 1.03. This will detect and kill malicious perl processes running under the Apache user.

http://www.webhostgear.com/353.html

Give it a shot and let me know.

Cheers

Steve

Steve, i'm not sure I understand.

Will Nobody Check kill processes running as apache? Then how does it determine what should run and what shouldn't run?

Thanks.

Jeff

Originally posted by jlasman

Will Nobody Check kill processes running as apache? Then how does it determine what should run and what shouldn't run?

Thanks.

Jeff

Hi Jeff,

I'm glad you asked. Nobody Check has a pre-determined set of rules built in. It scans all processes running under the web server (nobody or apache) user group(s) and determines if they are valid or not.

Processes found that don't match any of the known rules are found to be malicious. Perl should not run as the Apache or nobody user, it should run under the users credentials.

Nobody Check 1.03 then has the option to automatically kill the process found in violation or to just report it with low or high level details.

I just wanted to say Thank You to rampage for recommending the Nobody Check utility from WebHostGear.

I had rampant perl processes running on one of my DA servers that were hogging up CPU time. I downloaded and ran the Nobody Check utility, and it promptly removed all of the perl processes without adversely effecting the server.

Config of the utility is as easy as can be, and it emails you a report of what it found and fixed.

Thanks again!

-R

Did a search, no hits so I'm pulling up an old thread: does anyone still use Nobody Check? If so, where is the latest version for DA? The links in http://www.webhostgear.com/353.html are dead

There is no new one. If you want a script just write your own.

There is no new one. If you want a script just write your own.

Thank you for the suggestion, but I'm afraid you may have misread my post.

My question was: where can I get a copy of the Nobody Check script, as the link above is dead?

Try google.

Try google.

Thank you again for taking the time to post such an insightful suggestion. While check google again, hopefully someone else might notice this thread and post a link if they have it.

mr.applesauce, please don't let me take up any more of your time by responding; and thanks again for your suggestions.

search on this forum for update.script

this script can install nobody check and other stuff, well, you need just that but take a look on other stuff, you should find something useful :)

Regards