Hi Bill,
> A number of things can cause a reboot that are not related to an
> intrusion.
Yes, of course.
> I have also seen instances where the
> server was running overloaded and was brought down to its knees by an
> overloaded system. Mostly likely its an errant CGI script or too many
> complex CGI's running on your system for it to handle.
That was exactly what the globbing did with the old proftpd. It generated
100% CPU load and eventually the system rebooted after a couple of minutes.
So that's why I primarily wanted to know if proftpd-1.2.2rc1-C2 also is
vulnerable to this exploit. I suspect and hope the answer is "no", but I'm
not sure of that.
But I see your point that the spontaneous reboot in this case could have been
caused by other things as well.
> You can try
> checking your CPU load during busy and not so busy times by type "top"
> at the command line. Watch what is happening and your cpu load, how much
> mem is being utilized during this time. If you are running out of
> memory, you may need to upgrade.
The CPU load so far has not been an issue, but I'll set up a cronjob which
will email me the results of "uptime" every couple of minutes to keep track
of it for a while.
> Another thing that would cause this problem is something I saw today.
> The admin at one site never checked his mail or didn't delete it off the
> server. The admin mail file swelled to 348mb file!!!! Youch! Everytime
> mail was sent to the acct or the admin checked it, it consumed 348mb
> memory to do its thing. If you are running a loaded server when that
> happens, it can cause all sorts of nastyiness.
Now this is very interesting. I'll check the box for extra large mailboxes
and somehow I'm suspecting that this could be the case.
Thanks for your pointers, Bill.
--
Mit freundlichen Gr��en / Best regards
Michael Stauber
�Stauber Multimedia Design ____ Phone: �+49-6471-923812
�Hauptstrasse 31 ______ �D-56244 Goddert ______ Germany
�SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
