| Author |
|
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 23 January 2014 at 11:37pm | IP Logged
|
|
|
A month ago I noticed a strange problem. My CPU is overloaded sometimes. 25%, 50, 75, 100.. (4 cores) Normal load is 2-7%. It was easy to find that the problem is with httpd daemon. Right now I found the real reason.
/server-status:
Srv PID Acc M CPU SS Req Conn Child Slot Cl ient VHost Request
4-0 419 0/14/46436 W 0.16 59803 0 0.0 0.33 426 .14 188.123.245.145 myhost:80 GET /webmail/?/Raw/Download/18/NX2A8uN8wPzmg9ZHwTWFSoXW3snFrQxF
any ideas what is it? There is no /webmail/?/ of course..
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 24 January 2014 at 3:06am | IP Logged
|
|
|
Quote:
| any ideas what is it? There is no /webmail/?/ of course.. |
|
|
Couldn't understand this..
Regards,
Alex
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 24 January 2014 at 7:05am | IP Logged
|
|
|
some user waits to reply from the place, which is really absent in my system: "/webmail/?/Raw/Download/18/"
normally server should abort such connection, however it does not do it. So, webmail holds the connection (as seems to me). In this case it is a security bug.. What do you think?
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 27 January 2014 at 6:44am | IP Logged
|
|
|
"/webmail/?/Raw/Download/18/" is /webmail" with "Raw/Download/18/" GET parameter.
It's the same as /webmail/index.php?/Raw/Download/18/.
Also, 0.16 does not seem to be large usage of the CPU. Spikes to 100% are possible but I guess you don't get 100% all the time?
Regads,
Alex
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 06 February 2014 at 7:41am | IP Logged
|
|
|
Now it is repeating, so I can continue.
/server-status:
5-0 24156 15/19/1833 W 1.43 1757 0 677.8 0.69 11 1.20 180.59.58.242 myhost:80 GET /webmail/?/Raw/View/14/HJo7EVbsvGUD_OFo6aX3HoPEH6I2NKdvWYP6
Well, really CPU load here is small. Now it is 1.43.
However look at the top results:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24156 apache 20 0 471m 27m 6016 R 99,7 0,4 35:30.92 httpd
You see PID is 24156 in both cases. And CPU is 99.7%. And look at the time! So it hangs. And it will not stop untill I restart apache ((
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 06 February 2014 at 7:44am | IP Logged
|
|
|
By the way, that guys (180.59.58.242; 188.123.245.145) are not my users. So, is it a successful attack?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 07 February 2014 at 2:01am | IP Logged
|
|
|
Without direct access to the system, it's not really possible for us to tell what exactly is going on. However, we have a suggestion regarding high CPU load - it might be caused by WebMail generating image previews, which fails for some reason on PHP level.
You can try disabling that feature by making a small modification in libraries/ProjectSeven/ActionsBase.php file, the following code:
Code:
private function isImageMimeTypeSuppoted($sMimeType)
{
$bResult = function_exists('gd_info'); |
|
|
should be modified as follows:
Code:
private function isImageMimeTypeSuppoted($sMimeType)
{
return false;
$bResult = function_exists('gd_info'); |
|
|
Also, a configuration option will be added in upcoming version 7.2 to control this behavior.
Hope this helps!
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 08 February 2014 at 2:48am | IP Logged
|
|
|
Thank you very much! I'll try to use it. Unfortunately, last weeks this behaviour becomes rare.. So I can not analyse the result quickly.
Igor wrote:
| Without direct access to the system, it's not really possible for us to tell what exactly is going on. |
|
|
I can send a core dump.
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 06 March 2014 at 7:09am | IP Logged
|
|
|
So, I installed new version from this Feb. And disabled isImageMimeTypeSuppoted() as you wrote. No success. It starts again ((
I have a coredumps of hanging processes.
Or I can do anything to understand this behaviour. What, however?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 06 March 2014 at 10:56pm | IP Logged
|
|
|
Actually, in current version thumbnails are disabled with the configuration option described here. So make sure they're actually disabled.
I don't think coredump will be much of a help here. What we need here is a reliable way to trigger the issue, it's just not possible to fix something we can't reproduce.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 07 March 2014 at 5:32am | IP Logged
|
|
|
Well, I am trying )
Should I remove previous isImageMimeTypeSuppoted() disabling, or it does not matter?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 07 March 2014 at 8:20am | IP Logged
|
|
|
I don't think removing it the old way would hurt, you can use both the ways just to be sure.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 12 March 2014 at 1:10am | IP Logged
|
|
|
No, it starts again. So, let's look for another reason.
I see that the hanging processes originates from the same ip (((
And coredump
(gdb) frame 1
#1 0x00007f53e5fd50ea in _zval_dtor (zvalue=<optimized out>) at /usr/src/debug/php-5.4.23/Zend/zend_variables.h:35
35 _zval_dtor_func(zvalue ZEND_FILE_LINE_RELAY_CC);
(gdb) frame 2
#2 _zval_ptr_dtor (zval_ptr=0x7f53f772e018) at /usr/src/debug/php-5.4.23/Zend/zend_execute_API.c:436
436 zval_dtor(*zval_ptr);
(gdb) frame 3
#3 _zval_ptr_dtor (zval_ptr=0x7f53f772e018) at /usr/src/debug/php-5.4.23/Zend/zend_execute_API.c:425
425 ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC) /* {{{ */
(gdb) frame 4
#4 0x00007f53e5ff1d68 in zend_hash_destroy (ht=0x7f53f772d7e0) at /usr/src/debug/php-5.4.23/Zend/zend_hash.c:560
560 ht->pDestructor(q->pData);
(gdb) frame 5
#5 0x00007f53e5fda485 in destroy_op_array (op_array=0x7f53f772deb8) at /usr/src/debug/php-5.4.23/Zend/zend_opcode.c:352
352 zend_hash_destroy(op_array->static_variables);
(gdb) frame 6
#6 0x00007f53e5ff1d68 in zend_hash_destroy (ht=0x7f53f7438688) at /usr/src/debug/php-5.4.23/Zend/zend_hash.c:560
560 ht->pDestructor(q->pData);
(gdb) frame 7
#7 0x00007f53e5fda2dc in destroy_zend_class (pce=<optimized out>) at /usr/src/debug/php-5.4.23/Zend/zend_opcode.c:296
296 zend_hash_destroy(&ce->function_table);
(gdb) frame 8
#8 0x00007f53e5ff1d68 in zend_hash_destroy (ht=0x7f53f72223c0) at /usr/src/debug/php-5.4.23/Zend/zend_hash.c:560
560 ht->pDestructor(q->pData);
(gdb) frame 9
#9 0x00007f53e5fe3d0d in zend_shutdown () at /usr/src/debug/php-5.4.23/Zend/zend.c:823
823 zend_hash_destroy(GLOBAL_CLASS_TABLE);
(gdb) frame 10
#10 0x00007f53e5f855ab in php_module_shutdown () at /usr/src/debug/php-5.4.23/main/main.c:2375
2375 zend_shutdown(TSRMLS_C);
(gdb) frame 11
#11 0x00007f53e5f85669 in php_module_shutdown_wrapper (sapi_globals=<optimized out>) at /usr/src/debug/php-5.4.23/main/main.c:2343
2343 php_module_shutdown(TSRMLS_C);
(gdb) frame 12
#12 0x00007f53e608ce91 in php_apache_child_shutdown (tmp=<optimized out>) at /usr/src/debug/php-5.4.23/sapi/apache2handler/sapi_apache2.c:398
398 apache2_sapi_module.shutdown(&apache2_sapi_module);
(gdb) frame 13
#13 0x00007f53f3d6773e in run_cleanups (cref=<optimized out>) at memory/unix/apr_pools.c:2352
2352 (*c->plain_cleanup_fn)((void *)c->data);
(gdb) frame 14
#14 apr_pool_destroy (pool=0x7f53f76404e8) at memory/unix/apr_pools.c:814
814 run_cleanups(&pool->cleanups);
Requests are:
GET /webmail/?/Raw/Thumbnail/11/...
GET /webmail/?/Raw/Download/9/..
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 12 March 2014 at 1:55am | IP Logged
|
|
|
Code:
Requests are:
GET /webmail/?/Raw/Thumbnail/11/... |
|
|
That particular request states that generating thumbnails was not disabled, they're still requested. Maybe there's something still in the cache somewhere.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 12 March 2014 at 11:26pm | IP Logged
|
|
|
I am sorry. That type of request (Raw/Thumbnail) was before disabling. Now there is only Raw/Download.
And what is that function: under Raw/Download? Is it possible to disable it?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 13 March 2014 at 2:28am | IP Logged
|
|
|
That request simply means that user downloaded attachment from email message. There's nothing wrong with that request so you shouldn't need to disable it.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
marcele
Newbie
Joined: 15 March 2014
Location: Canada
Online Status: Offline
Posts: 21
|
| Posted: 15 March 2014 at 5:11am | IP Logged
|
|
|
We are seeing the exact same behavior using the latest afterlogic webmail lite (7.2.1).
Apache processes at 100% CPU with server status showing lots of requests:
afterlogic.webmail GET /?/Raw/Download/42/RcY7r_jaXXcQElPop3HRc-DHaoJ-OIBGEnAW5nbI
afterlogic.webmail GET /?/Raw/Download/226/NMeYfn8IGFwapJn1mHWbjDMx7Q7aID8qE2x7NdP
afterlogic.webmail GET /?/Raw/Download/226/NMeYfn8IGFwapJn1mHWbjDMx7Q7aID8qE2x7NdP
afterlogic.webmail GET /?/Raw/Download/42/RcY7r_jaXXcQElPop3HRc-DHaoJ-OIBGEnAW5nbI
The only way to fix it is to restart Apache.
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 21 April 2014 at 7:13am | IP Logged
|
|
|
I looked through a dozen of coredumps. It seems to me, the error is always caused by function
"partialParseResponseBranch"
in file
"/var/www/webmail/libraries/MailSo/Imap/ImapClient.php"
the result is
#8 0x00007f7a09753607 in execute (op_array=0x7f7a1a111898) at /usr/src/debug/php-5.4.23/Zend/zend_vm_execute.h:410
410 if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 22 April 2014 at 11:02pm | IP Logged
|
|
|
some addition
(gdb) print op_array.function_name
$1 = 0x7f7a1a1083e8 "ResetTimeLimit"
(gdb) print op_array.filename
$3 = 0x7f7a1a0e8de8 "/var/www/webmail/libraries/MailSo/Base/Utils.php"
What is the function ResetTimeLimit?
Can I change it to
public static function ResetTimeLimit(&$iTimer, $iTimeToReset = 15, $iTimeToAdd = 0)
for example?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 24 April 2014 at 2:07am | IP Logged
|
|
|
That function prolongs time allowed for script to run using standard set_time_limit function of PHP. It resets execution time before sending a request with fgets. You can set it to 0 of course, but it might cause issues if single request takes too long.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 24 April 2014 at 2:31am | IP Logged
|
|
|
Thanks.
So, I caught the guy who do it, right now. I have all kind of log activities. What do you need to understand what does he doing?
So it was not cycling or hanging. Some guy send requests sometimes. I want to understand how can he overload my cpu with webmail.
By the way, I cannot get user activity log from adminpanel: "Log file can't be read". How can I correct it?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 24 April 2014 at 2:41am | IP Logged
|
|
|
We can look into this if you provide us with the logs, you can post those via HelpDesk. If the issue is limited to specific user account, login details of that account could help. Still the chances of finding a reason are rather slim, of course.
The "Log file can't be read" thing is usually about permissions, make sure the data directory is set recursively writable for web server.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
andlis
Newbie
Joined: 16 October 2013
Online Status: Offline
Posts: 29
|
| Posted: 24 April 2014 at 3:02am | IP Logged
|
|
|
Well I posted. Thank you
No.. Data Directory is OK.. What is the name of user activity log file by Default?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6167
|
| Posted: 24 April 2014 at 3:56am | IP Logged
|
|
|
The name looks like event-YYYY-MM-DD.txt and the pattern can be redefined in data/settings/config.php file. But in fact, looks like user activity logging was never implemented in version 7.*, I've notified the developers on this.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
Niyi
Newbie
Joined: 18 August 2014
Online Status: Offline
Posts: 6
|
| Posted: 18 August 2014 at 6:20am | IP Logged
|
|
|
Hello,
Was there a solution to this? I am also experiencing the same with the version 7.3
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: CPU overload
Privacy policy |
Refund policy