Lot of PHP processes
-
Hi
i am running 2.3-RELEASE (amd64)
built on Mon Apr 11 18:10:34 CDT 2016
FreeBSD 10.3-RELEASEbut when i do a TOP i see this and maybe a lot more php's
18292 root 3 40 20 1312M 707M sbwait 1 35:04 2.69% snort
57638 root 1 52 0 262M 35748K accept 0 0:00 0.39% php-fpm
18661 root 2 40 20 857M 456M nanslp 3 325:32 0.00% snort
18859 root 1 20 0 16676K 2744K bpf 1 13:47 0.00% filterlog
50237 root 1 20 0 224M 34120K nanslp 2 12:27 0.00% php
7977 root 1 20 0 224M 34136K nanslp 1 12:26 0.00% php
49823 root 1 20 0 224M 34136K nanslp 2 12:25 0.00% php
31236 root 1 20 0 224M 34108K nanslp 0 12:19 0.00% php
24484 root 1 20 0 224M 34080K nanslp 1 12:16 0.00% php
14219 root 1 20 0 224M 34092K nanslp 1 12:16 0.00% php
31160 root 1 20 0 224M 34128K nanslp 0 12:15 0.00% php
66238 root 1 20 0 224M 34104K nanslp 1 12:15 0.00% php
75871 root 1 20 0 224M 34104K nanslp 3 12:14 0.00% php
13952 root 1 20 0 224M 34136K nanslp 3 12:14 0.00% php
83219 root 1 20 0 224M 34152K nanslp 2 12:14 0.00% php
6850 root 1 20 0 224M 34148K nanslp 3 12:13 0.00% php
93653 root 1 20 0 224M 34076K nanslp 3 12:13 0.00% php
80756 root 1 20 0 224M 34148K nanslp 3 12:13 0.00% php
9774 root 1 20 0 224M 34116K nanslp 0 12:12 0.00% php
20323 root 1 20 0 224M 34152K nanslp 0 12:08 0.00% php
27378 root 1 20 0 224M 34132K nanslp 0 12:07 0.00% php
35122 root 1 20 0 224M 34136K nanslp 1 12:07 0.00% php
94768 root 1 20 0 224M 34152K nanslp 0 12:06 0.00% php
94540 root 1 20 0 224M 34160K nanslp 3 12:06 0.00% php
96485 root 1 20 0 224M 34152K nanslp 0 12:05 0.00% php
44822 root 1 20 0 224M 34156K nanslp 2 12:04 0.00% php
3795 root 1 20 0 224M 34152K nanslp 0 12:04 0.00% php
49130 root 1 20 0 224M 34144K nanslp 0 12:03 0.00% php
34714 root 1 20 0 224M 34148K nanslp 0 12:02 0.00% php
43064 root 1 20 0 224M 34156K nanslp 3 11:32 0.00% php
17358 root 1 20 0 224M 34124K nanslp 0 11:32 0.00% php
53647 root 1 20 0 224M 34152K nanslp 0 11:31 0.00% php
53053 root 1 20 0 224M 34144K nanslp 0 11:31 0.00% php
38852 root 1 20 0 224M 34136K nanslp 1 11:30 0.00% php
36567 root 1 20 0 224M 34144K nanslp 1 11:30 0.00% php
10193 root 1 20 0 224M 34128K nanslp 0 11:29 0.00% php
43540 root 1 20 0 14516K 2316K select 0 11:01 0.00% syslogd
57781 root 1 20 0 224M 34080K nanslp 2 10:10 0.00% php
36751 root 1 20 0 224M 34088K nanslp 0 10:09 0.00% php
88497 root 1 20 0 224M 34092K nanslp 2 10:09 0.00% php
84759 root 1 20 0 224M 34084K nanslp 0 10:07 0.00% php
57495 root 1 20 0 224M 34084K nanslp 3 10:07 0.00% php
88021 root 1 20 0 224M 34072K nanslp 3 10:05 0.00% php
194 root 1 20 0 224M 34068K nanslp 0 10:04 0.00% php
43344 root 1 20 0 224M 34076K nanslp 0 10:02 0.00% php
17042 root 1 20 0 224M 34084K nanslp 0 10:01 0.00% php
19150 root 1 20 0 224M 34080K nanslp 3 9:59 0.00% php
32829 root 1 20 0 224M 34080K nanslp 2 9:59 0.00% php
41287 root 1 20 0 224M 34088K nanslp 1 9:59 0.00% php
38403 root 1 20 0 224M 34048K nanslp 0 9:27 0.00% php
38608 root 1 20 0 224M 34024K nanslp 3 9:26 0.00% php
51207 root 1 20 0 224M 34016K nanslp 0 9:26 0.00% php
81867 root 1 20 0 224M 34016K nanslp 3 9:25 0.00% php
61068 root 1 20 0 224M 34048K nanslp 1 9:25 0.00% php
4907 root 1 20 0 224M 34004K nanslp 2 9:24 0.00% phpdue to that my load is also much higher then normal. i never seen this before. started to see it after the upgrades.
-
Well that must be from some package your running.. Maybe snort that I see your running..
-
Well that must be from some package your running.. Maybe snort that I see your running..
Yes i have snort running as wel as pfblocker.
i disabled both now. snort still seems to be in the service list as running while its all stopped.
WAN DISABLED AC-BNFA ENABLED DISABLEDbut i still see all the php.
I did a restart of the router and they are all gone now. Lets see if it gets back or not.
I did update pfblockerng like 2 or 3 times since 2.3 might be something got stuck or so.
-
well did you reboot?? What I can tell you is I don't see any php running on my pfsense 2.3
-
well did you reboot?? What I can tell you is I don't see any php running on my pfsense 2.3
Yes i just did a reboot. Might be a update of 1 of the plugins that caused this because i never had it before 2.3 like this.
this is a image as you see it increases the processes starting about
16-04-2016 -
update 1? You mean 2.3_1 that was a ntpd update… Yes I am running it.. You have some package doing it plain and simple..
-
update 1? You mean 2.3_1 that was a ntpd update… Yes I am running it.. You have some package doing it plain and simple..
i guessed as much yes
the only packages i have areCron
openvpn-client-export
pfBlockerNG.
Service_Watchdog
snort securitythe one that got updated a few times is PFblocker.
-
Well I can tell you the packages that I have that match yours are not doing it ;)
I have the following packages..
-
Run the following commands:
For Snort, you should see one process per defined Snort Interface(s):
ps auxww | grep snortFor pfBlockerNG, There should only be two processes (only if DNSBL is enabled):
ps auxww | grep pfb root 39809 0.0 0.2 40364 6680 - S 29Apr16 1:15.90 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf root 40773 0.0 0.4 251152 12880 - S 29Apr16 3:30.45 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsblNeed to do a process of elimination… Disable package services. Reboot... check if you still have the issue.... then add one package .... rinse and repeat ...
-
Run the following commands:
For Snort, you should see one process per defined Snort Interface(s):
ps auxww | grep snortFor pfBlockerNG, There should only be two processes (only if DNSBL is enabled):
ps auxww | grep pfb root 39809 0.0 0.2 40364 6680 - S 29Apr16 1:15.90 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf root 40773 0.0 0.4 251152 12880 - S 29Apr16 3:30.45 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsblNeed to do a process of elimination… Disable package services. Reboot... check if you still have the issue.... then add one package .... rinse and repeat ...
i see there are 2 php processes again.
disabling and rebooting each times costs way to much time that my network/server would be offline.
as i said i never had the problem before 2.3_1 and i also never changed packaged still the same setting/packages.
Problem is it takes a while before it shows it self again.
and i rather dont run it without those 2 packages.
ps auxww | grep snort root 99802 19.4 5.6 877940 460720 - Ss 3:27PM 27:43.56 /usr/local/bin/snort -R 46905 -D -l /var/log/snort/snort_igb146905 --pid-path /var/run --nolock-pidfile -G 46905 -c /usr/local/etc/snort/snort_46905_ igb1/snort.conf -i igb1 root 63597 1.2 8.1 1326116 670292 - Is 3:33PM 12:11.00 /usr/local/bin/snort -R 19237 -D -l /var/log/snort/snort_igb019237 --pid-path /var/run --nolock-pidfile -G 19237 -c /usr/local/etc/snort/snort_19237_ igb0/snort.conf -i igb0 root 42264 0.0 0.0 18740 2244 0 S+ 10:46PM 0:00.00 grep snortroot 28722 0.0 0.4 229204 33084 - S 9:47PM 0:03.15 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl root 28771 0.0 0.4 229204 33104 - S 9:47PM 0:03.16 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl root 91567 0.0 0.1 44340 6220 - S 3:25PM 0:00.88 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf root 78542 0.0 0.0 18740 2240 0 S+ 10:47PM 0:00.00 grep pfbWhen i update pfblocker and use reload all.
i see a PHP process pop up and once the reload is done its gone again.is it possible the php's one are stray ones that didn't want to close/end correctly?
