On Jan 27, 2010, at 10:24 AM, James Smallacombe wrote: > NOTE: Please reply off-list as well as I am not subscribed
OK. In return, please don't cross-post or multi-post the same question to multiple FreeBSD lists. > My server (7.2-STABLE) suffered at least two outages Sunday through yesterday > after having been up since July (it is a rented dedicated server with my FSBD > install). The first time, I was able to log in via remotely, saw a ton of > spam apparently abusing a php mail form script (more on that later) filling > the /var partition. I purged it, but it still required a reboot as CPU was > through the roof. See "man pkill" for an easier way to terminate processes short of rebooting. Depending on just how badly this PHP script was being taken advantage of and how closely you've been tracking security updates, it's possible that your machine might have been compromised. > Yesterday morning, I was unable to get into the server at all...pings were > very high. I called the provider and got in via KVM over IP. CPU was fine > and there wre no full partitions. As I had to catch a flight, I just > rebooted it and it was fine. > > After getting home, I looked in the syslog and see thousands of these: > > Jan 26 21:50:32 host named[667]: client <IP REMOVED>#57938: error sending > response: not enough free resources > Jan 26 21:50:32 host named[667]: client <IP REMOVED>#59830: error sending > response: not enough free resources Were these client IPs expected to be talking to this machine? It indicates a problem sending UDP traffic; netstat -s output would be informative. You might find that setting options in named.conf to tune the # of outstanding queries will help: clients-per-query 10; max-clients-per-query 20; Doing a tcpdump and examining the queries to see what DNS resources are being requested would also be useful. Regards, -- -Chuck _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
