Matt Clawson Posted January 14, 2019 Share Posted January 14, 2019 Hello! I'm having a problem with my server where numerous cores max out to 100% and never come back to idle. I've already deleted and re-installed all my dockers and apps which did not fix the problem. I cannot correlate the issue to anything specific. Running Top and Netdata I see the following: Log File: ErrorWarningSystemArrayLogin Jan 14 16:43:07 UnRaid sshd[40569]: Accepted none for root from 218.92.1.142 port 33371 ssh2 Jan 14 16:43:07 UnRaid sshd[40569]: Received disconnect from 218.92.1.142 port 33371:11: Jan 14 16:43:07 UnRaid sshd[40569]: Disconnected from user root 218.92.1.142 port 33371 Jan 14 16:43:08 UnRaid login[40630]: ROOT LOGIN on '/dev/pts/4' Jan 14 16:43:09 UnRaid telnetd[39001]: ttloop: peer died: EOF Jan 14 16:43:09 UnRaid in.telnetd[40673]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:43:47 UnRaid telnetd[40673]: ttloop: peer died: EOF Jan 14 16:43:47 UnRaid in.telnetd[41854]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:44:02 UnRaid sshd[42599]: Accepted none for root from 218.92.1.142 port 17803 ssh2 Jan 14 16:44:03 UnRaid sshd[42599]: Received disconnect from 218.92.1.142 port 17803:11: Jan 14 16:44:03 UnRaid sshd[42599]: Disconnected from user root 218.92.1.142 port 17803 Jan 14 16:44:24 UnRaid telnetd[41854]: ttloop: peer died: EOF Jan 14 16:44:24 UnRaid in.telnetd[43498]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:45:00 UnRaid telnetd[43498]: ttloop: peer died: EOF Jan 14 16:45:00 UnRaid in.telnetd[45017]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:45:03 UnRaid sshd[45104]: Accepted none for root from 218.92.1.142 port 53068 ssh2 Jan 14 16:45:03 UnRaid sshd[45104]: Received disconnect from 218.92.1.142 port 53068:11: Jan 14 16:45:03 UnRaid sshd[45104]: Disconnected from user root 218.92.1.142 port 53068 Jan 14 16:45:35 UnRaid telnetd[45017]: ttloop: peer died: EOF Jan 14 16:45:36 UnRaid in.telnetd[46555]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:46:01 UnRaid sshd[47529]: Accepted none for root from 218.92.1.142 port 37444 ssh2 Jan 14 16:46:01 UnRaid sshd[47529]: Received disconnect from 218.92.1.142 port 37444:11: Jan 14 16:46:01 UnRaid sshd[47529]: Disconnected from user root 218.92.1.142 port 37444 Jan 14 16:46:11 UnRaid telnetd[46555]: ttloop: peer died: EOF Jan 14 16:46:11 UnRaid in.telnetd[47834]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:46:16 UnRaid sshd[4192]: Received disconnect from 64.113.32.29 port 38126:11: FlowSshClientSession: disconnected on user's request Jan 14 16:46:16 UnRaid sshd[4192]: Disconnected from user ftp 64.113.32.29 port 38126 Jan 14 16:46:46 UnRaid sshd[435]: Invalid user from 5.101.40.166 port 60882 Jan 14 16:46:46 UnRaid sshd[435]: error: Could not get shadow information for NOUSER Jan 14 16:46:46 UnRaid sshd[435]: Failed password for invalid user from 5.101.40.166 port 60882 ssh2 Jan 14 16:46:46 UnRaid sshd[435]: Connection closed by invalid user 5.101.40.166 port 60882 [preauth] Jan 14 16:46:52 UnRaid telnetd[47834]: ttloop: peer died: EOF Jan 14 16:46:52 UnRaid in.telnetd[570]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:46:58 UnRaid sshd[675]: Accepted none for root from 218.92.1.142 port 26066 ssh2 Jan 14 16:46:58 UnRaid sshd[675]: Received disconnect from 218.92.1.142 port 26066:11: Jan 14 16:46:58 UnRaid sshd[675]: Disconnected from user root 218.92.1.142 port 26066 Jan 14 16:47:29 UnRaid telnetd[570]: ttloop: peer died: EOF Jan 14 16:47:29 UnRaid in.telnetd[2235]: connect from 223.79.160.38 (223.79.160.38) Jan 14 16:47:55 UnRaid sshd[3181]: Accepted none for root from 218.92.1.142 port 18752 ssh2 Jan 14 16:47:56 UnRaid sshd[3181]: Received disconnect from 218.92.1.142 port 18752:11: Jan 14 16:47:56 UnRaid sshd[3181]: Disconnected from user root 218.92.1.142 port 18752 I'm looking for ideas to correct this issue. Thanks! Matt Gigabyte GA-7PESH2 2x Intel Xeon 2690v2 128gb DDR3 ECC Ram 1x 10 TB Parity 1x 10 TB 7x 6 TB 4x 4TB 2x 2TB 1x Samsung 950 Pro 512 GB Cache 1x Samsung 960 NVME 512GB - Unassigned Quote Link to comment
jonp Posted January 14, 2019 Share Posted January 14, 2019 In addition, when readding your containers after deleting them all, it is highly recommended to only add them one at a time until you discover which one is causing the issue. Sent from my Pixel 3 XL using Tapatalk Quote Link to comment
Squid Posted January 14, 2019 Share Posted January 14, 2019 (edited) 1 hour ago, Matt Clawson said: Jan 14 16:47:55 UnRaid sshd[3181]: Accepted none for root from 218.92.1.142 port 18752 ssh2 China 1 hour ago, Matt Clawson said: Jan 14 16:46:16 UnRaid sshd[4192]: Disconnected from user ftp 5.101.40.166 port 38126 Ruskies 1 hour ago, Matt Clawson said: Jan 14 16:46:16 UnRaid sshd[4192]: Received disconnect from 64.113.32.29 port 38126:11: FlowSshClientSession: disconnected on user's request USA (Actually, some farmer in Wichita, KS) Are you teleporting and/or trying to give user's access to your machine? Or (more likely), you've forwarded 443 from your router to directly to the server and/or have the server sitting in a DMZ. Don't do this. Use a VPN instead or the Let'sEncrypt / nginx Proxy Manager containers to accomplish what you're trying to do. Also, according to your top screenshot, bash is using 3002% of the CPU, and that is probably all related to the above, and nothing to do with your containers. Edited January 14, 2019 by Squid 1 Quote Link to comment
Matt Clawson Posted January 15, 2019 Author Share Posted January 15, 2019 I'm not teleporting, or at least I don't think i have anything setup for that. I think the only access to the server is through Plex Remote Access with a single open port at 32400 (fairly usual for that.) I'll look into the VPN function to stop that. Attached is the diagnostics for further research. Matt unraid-diagnostics-20190114-2037.zip Quote Link to comment
Hoopster Posted January 15, 2019 Share Posted January 15, 2019 39 minutes ago, Matt Clawson said: I think the only access to the server is through Plex Remote Access with a single open port at 32400 (fairly usual for that.) Run the port probes from this website to see how secure your server is and what ports might be exposed over the Internet. Click on the Proceed button and run the Common Ports and All Service Ports scans. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.