[cobalt-users] (no subject)

["Oliver Schlag \(privat\)" <chairman@xxxxxxxx>]

Hy together,

perhaps you may help me. Our Raq stopped working correctly on Saturday
evening.

First nothing runs, then the webserver came back, then sendmail and qpopper.
We were able to send mail and recive them. But we were not able to log in
via ftp or telnet. (The Admin GUI is not running at our servers so we
could'nt check it) On Sunday morning we were able to recive mail but not
able to send - relaying denied -.  Then the webserver stopped responding,
for round about 5 hours. after that he was acting normal, but no mail, ftp,
telnet. Today we recive the message "Maximum open files..."

After a reboot all is working correctly. Ok for all of us who belive in
hackers :-), there are no entry's in .bash_history for root, and a clean
copy of chkrootkit didn't find anything suspicious. We're running bind
9.1.0, apache 1.3.14 and proftpd 1.2.0rc3. The log file displays the
following :

Feb 24 20:50:31 xxxxxxxx kernel: VM: killing process crond
Feb 24 20:50:33 xxxxxxxx kernel: VM: killing process named
Feb 24 20:50:33 xxxxxxxx kernel: VM: killing process poprelayd
Feb 24 20:51:09 xxxxxxxx PAM_pwdb[28758]: (login) session opened for user
admin by (uid=0)
Feb 24 20:51:46 xxxxxxxx kernel: VM: killing process perl

And here we restarted it.

Feb 26 15:55:33 xxxxxxxx syslogd 1.3-3: restart.
Feb 26 15:55:34 xxxxxxxx modprobe: can't locate module block-major-22

The nameserver was up all time and sendmail was able to recive mails at all
time. The mysql deamon crashed sunday morning, but there are no log entry's
or anything else. Thats very confuding for me.

Thanks a lot
Oliver

P.S. To all hackers : This is not my business email adress, so don't try to
hack this system, or try it. It's not mine :-)