Preliminaries:
+ CentOS 5
+ Plesk 10.4.4 Update #35

Problem: During the addition/alteration of a new domain/host in plesk, it will normally write new or update apache vhost config files and then restart the apache service. The updating rewriting seems to go fine, there are no errors in the files, however lately apache fails to restart after shutting down due to the unavailability of port 80, further examination via “netstat -tulpn…” shows the following…

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 :::80                       :::*                        LISTEN      25794/PDFLUSH
tcp        0      0 :::443                      :::*                        LISTEN      25794/PDFLUSH

You can see that PDFLUSH is occupying a high process ID but is sitting on both 80 and 443 which prevents apache from coming back up. I’m having to manually get the PID and issue a kill before I can run “service httpd start” again to get apache up.

In my searching, I’ve seen an old reference to someone being hacked but I can find any similar symptoms, and honestly I don’t know what to look for in the logs or which log file to look at specifically. I’ve also heard that this could be a symptom of failing memory but I don’t know how to test memory on a production server.

Please, any help would be greatly appreciated, my heart sinks every time I get an SMS that the servers down again!

EDIT
It’s happened again by simply adding a subdomain, however this time I was able to run a ps -aux quickly prior to killing the PDFLUSH instance and bringing back up apache…

apache … ./PDFLUSH -b service.config

Trying to search out the location of that now…