FTP using all of CPU Resources

[NewGeneral]

Hello,

I recently started using FTP on my Freenas (11) box. I spent a considerable amount of time getting the DNS figured out but I finally got it working. However, now when I look at the reports in the gui it shows the cpu is at 100%. When I ssh into the machine and run top, it says the user 'ftp' is using 380% of the CPU (i3 6300) and under the command column it just says 'r'. What's weird is that I stopped the ftp service but nothing slowed down.

I have no idea what's going on or even how to monitor this...

 

[dlavigne]

Start by providing the requested data: system build (System -> Information) and hardware specs.

 

[NewGeneral]

I attached the System Info.

It has an Intel i3 6300 CPU, 16 GB Kingston Value ECC Ram, 5x4TB HGST DeskStar NAS 3.5" 4TB 7200 RPM 128MB Cache SATA 6.0Gb/s.

I have some CIFS Shares, sickrage, transmission, emby, couchpotato, headphones, nextcloud, and a virtual Webserver (Ubuntu) on it but that hasnt ever impacted performance before

 

[NewGeneral]

I also have a ASRock - E3V5 WS ATX LGA1151 Motherboard and 1 SanDisk - SSD PLUS 120GB 2.5" Solid State Drive for Jails

 

[dlavigne]

I attached the System Info.

It has an Intel i3 6300 CPU, 16 GB Kingston Value ECC Ram, 5x4TB HGST DeskStar NAS 3.5" 4TB 7200 RPM 128MB Cache SATA 6.0Gb/s.

I have some CIFS Shares, sickrage, transmission, emby, couchpotato, headphones, nextcloud, and a virtual Webserver (Ubuntu) on it but that hasnt ever impacted performance before

You might be overloading the hardware. Anything in /var/log/messages when the FTP service is using that much CPU?

 

[NewGeneral]

The only thing I'm seeing for ftp are some messages that say "unexpected OpenSSL error, disconnecting". I am seeing a bunchhhhhhhhh of sshd errors saying "maximum authentication attempts exceeded for root from <IP address> port <number> ssh2 [preauth]". They're all the same IP but different ports. Does that mean someone was trying to brute force into my server?

 

[dlavigne]

The only thing I'm seeing for ftp are some messages that say "unexpected OpenSSL error, disconnecting". I am seeing a bunchhhhhhhhh of sshd errors saying "maximum authentication attempts exceeded for root from <IP address> port <number> ssh2 [preauth]". They're all the same IP but different ports. Does that mean someone was trying to brute force into my server?

Yeah, that would do it. I take it the system is open to the Internet, unprotected by a firewall?

 

[NewGeneral]

NO!... ok yes. I actually have been using default ports for a lot of things. I was gonna change that, when I got around to it, which I guess has to be now...

 

[SweetAndLow]

NO!... ok yes. I actually have been using default ports for a lot of things. I was gonna change that, when I got around to it, which I guess has to be now...

Default ports has nothing to do with it. Opening up the system to be accessed from the internet is the problem. That is something you don't do.

 

[NewGeneral]

Default ports has nothing to do with it. Opening up the system to be accessed from the internet is the problem. That is something you don't do.

Oh... I see. So I should open the jails like NextCloud to the internet but not the FreeNas box itself?

 

[SweetAndLow]

Oh... I see. So I should open the jails like NextCloud to the internet but not the FreeNas box itself?

You open a single port for next cloud but some would argue that even that is too much. And in this case since there is some education that needs to happen I would suggest not opening anything on your network until you understand what it means and how it works.

 

[NewGeneral]

You open a single port for next cloud but some would argue that even that is too much. And in this case since there is some education that needs to happen I would suggest not opening anything on your network until you understand what it means and how it works.

Thank you. I'll definitely look more into my firewall settings and which ports I have opened.