bin/bash using 50% cpu usage, all the time!

BillyConnite · 09-14-2006, 02:38 AM

Hello all,

Well got a bit of a problem on the server, a process called /bin/bash 88.83 22 keeps using up all my cpu, as soon as I end the process it simply comes back doing the exact same thing again...

Anyone know what the problem is, what the hell is bash lol.

Any help would be much apperciated.

Thanks, Rhett.

Joey · 09-14-2006, 03:49 AM

Bash I believe is shell (SSH)...

BillyConnite · 09-14-2006, 05:33 AM

Originally Posted by Joey

Bash I believe is shell (SSH)...

Yes I think it is, i've had about ten million connections fail to ssh from random usernames and passwords, somebody's obviously trying to get in. You think that could be the reason for bash using so much CPU?

I banned an IP address using iptables, hopefully that will stop him/her for a while anyway. I might just disable ssh until i need it I suppose.
????: NamePros.com http://www.namepros.com/web-hosting-discussion/237728-bin-bash-using-50-cpu-usage.html

Any suggestions anyone?

Thanks, Rhett.

Camron · 09-14-2006, 07:30 AM

Someone is trying to brute force using many passwords for root, I believe. You should look into getting a firewall or DDOS protection as if you are getting many connections from 1 IP or multiple, it will automatically ban it.

OttoYiu · 09-14-2006, 04:20 PM

Or... a easy way to prevent this is to install BFD.

http://www.rfxnetworks.com/bfd.php

Hope that helps,
Thanks.

BillyConnite · 09-14-2006, 08:35 PM

Hey all,

Thanks for the advice, I'll try installing BFD asap.

One thing though, does it require APF?

Thanks, Rhett.

BillyConnite · 09-16-2006, 05:06 AM

Hey all,
Well I'm trying to install APF (I'm still having this problem with bash taking up 100% CPU! GGGRRR), but I'm having a few problems along the way.

This is my shell log after trying to install and run APF:

Quote:

root@server [~]# cd /temporary
root@server [/temporary]# wget http://www.rfxnetworks.com/downloads/apf-curr
tar.gz
--07:41:01-- http://www.rfxnetworks.com/downloads/apf-current.tar.gz
=> `apf-current.tar.gz'
Resolving www.rfxnetworks.com... done.
Connecting to www.rfxnetworks.com[69.50.193.149]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 91,798 [application/x-gzip]

100%[====================================>] 91,798 284.59K/s ETA 00

07:41:02 (284.59 KB/s) - `apf-current.tar.gz' saved [91798/91798]

root@server [/temporary]# tar -xvzf apf-current.tar.gz
apf-0.9.6-1/
apf-0.9.6-1/files/
apf-0.9.6-1/files/ad/
apf-0.9.6-1/files/ad/conf.antidos
apf-0.9.6-1/files/ad/.mnum
apf-0.9.6-1/files/ad/ad.rules
apf-0.9.6-1/files/ad/antidos
apf-0.9.6-1/files/ad/arin.msg
apf-0.9.6-1/files/ad/chains
apf-0.9.6-1/files/ad/ignore.hosts
apf-0.9.6-1/files/ad/ignore
apf-0.9.6-1/files/ad/usr.msg
apf-0.9.6-1/files/ad/tlog
apf-0.9.6-1/files/ad/noncrit.ports
apf-0.9.6-1/files/doc/
apf-0.9.6-1/files/extras/
apf-0.9.6-1/files/extras/dshield/
apf-0.9.6-1/files/extras/dshield/README
apf-0.9.6-1/files/extras/dshield/cron.ds
apf-0.9.6-1/files/extras/dshield/install
apf-0.9.6-1/files/extras/dshield/dshield-3.2.tar.gz
apf-0.9.6-1/files/extras/fed.networks
apf-0.9.6-1/files/extras/get_ports
apf-0.9.6-1/files/extras/importconf
apf-0.9.6-1/files/internals/
apf-0.9.6-1/files/internals/multicast.networks
apf-0.9.6-1/files/internals/cports.common
apf-0.9.6-1/files/internals/functions.apf
apf-0.9.6-1/files/internals/icmp.types
apf-0.9.6-1/files/internals/internals.conf
apf-0.9.6-1/files/internals/reserved.networks
apf-0.9.6-1/files/internals/private.networks
apf-0.9.6-1/files/vnet/
apf-0.9.6-1/files/vnet/main.vnet
apf-0.9.6-1/files/vnet/vnetgen
apf-0.9.6-1/files/vnet/vnetgen.def
apf-0.9.6-1/files/deny_hosts.rules
apf-0.9.6-1/files/VERSION
apf-0.9.6-1/files/apf
apf-0.9.6-1/files/bt.rules
apf-0.9.6-1/files/allow_hosts.rules
apf-0.9.6-1/files/conf.apf
apf-0.9.6-1/files/ds_hosts.rules
apf-0.9.6-1/files/firewall
apf-0.9.6-1/files/glob_allow.rules
apf-0.9.6-1/files/glob_deny.rules
apf-0.9.6-1/files/log.rules
apf-0.9.6-1/files/main.rules
apf-0.9.6-1/files/postroute.rules
apf-0.9.6-1/files/preroute.rules
apf-0.9.6-1/files/sysctl.rules
apf-0.9.6-1/CHANGELOG
apf-0.9.6-1/.ca.def
apf-0.9.6-1/README.antidos
apf-0.9.6-1/COPYING.GPL
apf-0.9.6-1/logrotate.d.apf
apf-0.9.6-1/README.apf
apf-0.9.6-1/apf.init
apf-0.9.6-1/cron.daily
apf-0.9.6-1/importconf
apf-0.9.6-1/install.sh
root@server [/temporary]# cd apf-0.9.6-1/
root@server [/temporary/apf-0.9.6-1]# ./install.sh
Installing APF 0.9.6-1: eth0: error fetching interface information: Device not found
Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
????: NamePros.com http://www.namepros.com/showthread.php?t=237728
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 1,21,25,53,80,110,111,143,443,465,993,995,1144,208 2,2
2086,2087,2095,2096,3306,5678
Listening UDP ports: 53,43115
Note: These ports are not auto-configured; they are simply presented for i
mation purposes. You must manually configure all port options.
root@server [/temporary/apf-0.9.6-1]# cd
root@server [~]# /usr/local/sbin/apf -s
: command not found: line 9:
: command not found: line 16:
: command not found: line 20:
: command not found: line 24:
: command not found: line 28:
: command not found: line 33:
: command not found: line 35:
: command not found: line 39:
: command not found: line 46:
: command not found: line 50:
: command not found: line 56:
: command not found: line 60:
: command not found: line 64:
: command not found: line 70:
: command not found: line 71:
: command not found: line 75:
: command not found: line 82:
: command not found: line 90:
: command not found: line 96:
: command not found: line 102:
: command not found: line 107:
: command not found: line 111:
: command not found: line 115:
: command not found: line 118:
: command not found: line 126:
: command not found: line 129:
: command not found: line 132:
: command not found: line 135:
: command not found: line 138:
: command not found: line 141:
: command not found: line 144:
: command not found: line 150:
: command not found: line 156:
: command not found: line 161:
: command not found: line 167:
: command not found: line 174:
: command not found: line 180:
: command not found: line 188:
: command not found: line 195:
: command not found: line 201:
: command not found: line 208:
: command not found: line 213:
: command not found: line 218:
: command not found: line 222:
: command not found: line 227:
: command not found: line 234:
: command not found: line 248:
: command not found: line 258:
: command not found: line 264:
: command not found: line 277:
: command not found: line 286:
: command not found: line 303:
: command not found: line 306:
: command not found: line 312:
: command not found: line 316:
: command not found: line 328:
: command not found: line 331:
: command not found: line 334:
: command not found: line 344:
: command not found: line 347:
: command not found: line 355:
: command not found: line 358:
: command not found: line 366:
: command not found: line 369:
: command not found: line 372:
: command not found: line 378:
: command not found: line 381:
: command not found: line 386:
: command not found: line 391:
: command not found: line 397:
: command not found: line 401:
: command not found: line 406:
: command not found: line 411:
: command not found: line 415:
: command not found: line 420:
: command not found: line 424:
: command not found: line 428:
: No such file or directory36: /etc/apf
root@server [~]#

????: NamePros.com http://www.namepros.com/showthread.php?t=237728
As you can see, after typing './install.sh' I get the error "eth0: error fetching interface information: Device not found."

And as I go to run APF I get all those "command not found: line xxx:" errors.

Any help with this is greatly appreciated, thanks all!

Rhett.

09-14-2006, 02:38 AM	THREAD STARTER #1 (permalink)
BillyConnite Join Date: Jul 2005 Location: Coffs H, Australia Posts: 3,456	bin/bash using 50% cpu usage, all the time! Hello all, Well got a bit of a problem on the server, a process called /bin/bash 88.83 22 keeps using up all my cpu, as soon as I end the process it simply comes back doing the exact same thing again... Anyone know what the problem is, what the hell is bash lol. Any help would be much apperciated. Thanks, Rhett. __________________ Free Forums / GoDaddy Coupon Codes (NEW DOMAIN!) / Free Arcade Script / <?='Your computer is '.(1?fine:broken).'.'?>

09-14-2006, 07:30 AM	#4 (permalink)
Camron Senior Member Join Date: Jan 2006 Location: Portland, Oregon Posts: 2,100 Follow @hostingfuze	Someone is trying to brute force using many passwords for root, I believe. You should look into getting a firewall or DDOS protection as if you are getting many connections from 1 IP or multiple, it will automatically ban it. __________________ HostingFuze.com Premium Master Reseller Services \| 99.9% Uptime Guaranteed SLA \| Starting at $4.95/mo Basic Reseller Hosting @ HostFz.com - Services starting as low as $1.95/mo!

09-14-2006, 04:20 PM	#5 (permalink)
OttoYiu NamePros Regular Join Date: Nov 2005 Location: Vancouver, B.C. Posts: 969	Or... a easy way to prevent this is to install BFD. http://www.rfxnetworks.com/bfd.php Hope that helps, Thanks. __________________ Best Regards, Otto Yiu Backomatic.com

09-14-2006, 08:35 PM	THREAD STARTER #6 (permalink)
BillyConnite Join Date: Jul 2005 Location: Coffs H, Australia Posts: 3,456	Hey all, Thanks for the advice, I'll try installing BFD asap. One thing though, does it require APF? Thanks, Rhett. __________________ Free Forums / GoDaddy Coupon Codes (NEW DOMAIN!) / Free Arcade Script / <?='Your computer is '.(1?fine:broken).'.'?>

09-14-2006, 03:49 AM	#2 (permalink)
Joey ^_^ Join Date: May 2005 Location: Maryland Posts: 975	Bash I believe is shell (SSH)...

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)