Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




 Post subject: Latest proftpd causing extremely high load
Posted: Wed Mar 09, 2011 8:19 am
Forum User

Joined: Tue Dec 22, 2009 5:53 am
Posts: 6
Location: Athens, Greece
Hey all!

I've been experiencing a very strange issue after the whole proftpd remote root exploit fuss: every user connected via FTP consumes a humongous amount of CPU time and memory (to the point where an 8 GB RAM server started swapping because of the proftpd processes) no matter what the user performs (IDLE, LIST, etc.).

The server is a hackenstein of RHEL 4 and CentOS 4.8, with all package conflicts resolved, and has been running smoothly for over 1.5 years now. The issue has appeared with both Atomic proftpd 1.3.3c and 1.3.3d, and strace is to my eyes inconclusive.

Any help would be greatly appreciated, as I don't like reverting to the vulnerable 1.3.2e (which is the latest version where proftpd runs with no issues whatsoever) for the server to operate correctly.

Thanks!


 Post subject: Re: Latest proftpd causing extremely high load
Posted: Wed Mar 09, 2011 10:57 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7964
Location: earth
Rough guess: downstream symptom of a rootkit?


 Post subject: Re: Latest proftpd causing extremely high load
Posted: Thu Mar 10, 2011 4:40 am
Forum User
On about 15 servers (4 dedicated and 11 VPSes, 4 of which were opened yesterday)? The issue occurs on CentOS 5.5 x64 as well, but never on Parallels' 1.3.2e proftpd!


 Post subject: Re: Latest proftpd causing extremely high load
Posted: Thu Mar 10, 2011 11:01 am
Atomicorp Staff - Site Admin
Very strange, has anyone else experienced this? These were the changes from 1.3.3c to 1.3.3d:

+ Fixed sql_prepare_where() buffer overflow (Bug#3536)
+ Fixed CPU spike when handling .ftpaccess files.
+ Fixed handling of SFTP uploads when compression is used.

Do you use .ftpaccess files at all?


 Post subject: Re: Latest proftpd causing extremely high load
Posted: Fri Mar 11, 2011 6:19 am
Forum User
What about the changelog between 1.3.2e and 1.3.3c? No .ftpaccess files are being used...


 Post subject: Re: Latest proftpd causing extremely high load
Posted: Fri Mar 11, 2011 9:18 am
Atomicorp Staff - Site Admin
It's big. Check them all out here: http://www.proftpd.org

