server load too higher , often !!

[ppopcn]

this time , my server load is :: 10:43:48 up 2 days, 18:00, 1 user, load average: 13.70, 8.66, 9.02

so i login my WHM ==> Show Current CPU Usage
----------------------------------------------
Pid Owner Priority Cpu % Mem % Command
27868 nobody 0 1 0.7 /usr/local/apache/bin/httpd -DSSL
18234 mysql 0 1 9.6 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.domain.org.pid --skip-external-locking
22049 nobody 0 1 0.7 /usr/local/apache/bin/httpd -DSSL
27859 nobody 0 1 0.7 /usr/local/apache/bin/httpd -DSSL
5227 nobody 0 1 0.7 /usr/local/apache/bin/httpd -DSSL
15990 nobody 0 1 0.7 /usr/local/apache/bin/httpd -DSSL
19735 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24556 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
23741 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24509 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24519 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
27847 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
1717 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
5605 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
5614 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
5623 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
9301 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
12198 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
20070 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
15551 nobody 0 0 0.6 /usr/local/apache/bin/httpd -DSSL
15561 nobody 0 0 0.6 /usr/local/apache/bin/httpd -DSSL
15579 nobody 0 0 0.6 /usr/local/apache/bin/httpd -DSSL
15955 root 0 0 0.2 top -n 2 -b -c
1 root 0 0 0.1 init [3]
11307 root 0 0 0.1 syslogd -m 0
12236 named 0 0 0.7 /usr/sbin/named -u named
15858 root 0 0 0.1 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -facility=mail -start /usr/libexec/courier-authlib/authdaemond
15861 root 0 0 0.1 /usr/libexec/courier-authlib/authdaemond
15867 root 0 0 0.1 /usr/libexec/courier-authlib/authdaemond
15875 root 0 0 0.1 /usr/libexec/courier-authlib/authdaemond
15877 root 0 0 0.1 /usr/libexec/courier-authlib/authdaemond
15881 root 0 0 0.1 /usr/libexec/courier-authlib/authdaemond
15900 root 0 0 0.1 /usr/libexec/courier-authlib/authdaemond
1526 root 0 0 0.2 /usr/sbin/sshd
1611 root 0 0 0.2 xinetd -stayalive -pidfile /var/run/xinetd.pid
5240 root 0 0 0.1 /usr/sbin/courierlogger -pid=/var/run/imapd.pid -start -name=imapd /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir
5244 root 0 0 0.1 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 143 /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir
5279 root 0 0 0.1 /usr/sbin/courierlogger -pid=/var/run/imapd-ssl.pid -start -name=imapd-ssl /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 993 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir
5280 root 0 0 0.1 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 993 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/bin/imapd Maildir
5286 root 0 0 0.1 /usr/sbin/courierlogger -pid=/var/run/pop3d.pid -start -name=pop3d /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 110 /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir
5287 root 0 0 0.1 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 110 /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir
5313 root 0 0 0.1 /usr/sbin/courierlogger -pid=/var/run/pop3d-ssl.pid -start -name=pop3d-ssl /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 995 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir
5314 root 0 0 0.1 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=30 -nodnslookup -noidentlookup 995 /usr/lib/courier-imap/bin/couriertls -server -tcpd /usr/lib/courier-imap/sbin/pop3login /usr/lib/courier-imap/bin/pop3d Maildir
8179 root 0 0 0.2 crond
16164 root 0 0 0.2 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 1
19687 root 0 0 0.1 /usr/sbin/portsentry -tcp
30189 root 0 0 0.4 smbd -D
30292 root 0 0 0.2 nmbd -D
32173 root 0 0 0.2 smbd -D
30174 nobody 0 0 0.3 proftpd: (accepting connections)
9982 root 0 0 3.8 /usr/sbin/clamd
10000 mailnull 0 0 0.2 /usr/sbin/exim -bd -oX 26
10036 mailnull 0 0 0.2 /usr/sbin/exim -bd -q60m
10078 mailnull 0 0 0.2 /usr/sbin/exim -tls-on-connect -bd -oX 465
11286 root 0 0 0.2 antirelayd
16121 root 0 0 1.0 cpbandwd
16292 root 19 0 2.8 cpanellogd - sleeping for logs
24476 root 0 0 1.6 /etc/authlib/authProg
7822 root 0 0 1.6 /etc/authlib/authProg
16298 root 0 0 1.6 /etc/authlib/authProg
30019 root 0 0 1.6 /etc/authlib/authProg
28350 root 0 0 1.6 /etc/authlib/authProg
25937 root 0 0 1.5 chkservd
24511 root 0 0 0.8 /usr/local/apache/bin/httpd -DSSL
17428 mailnull 0 0 1.0 eximstats
23605 root 0 0 1.5 cpsrvd - waiting for connections
18202 root 0 0 0.2 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/server.domain.org.pid
3940 root 0 0 1.1 lfd - sleeping
26441 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
11632 root 0 0 0.4 sshd: root@ttyp0
20451 root 0 0 0.3 -bash
5778 nobody 0 0 0.8 /usr/local/apache/bin/httpd -DSSL
7548 nobody 0 0 0.8 /usr/local/apache/bin/httpd -DSSL
12084 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
15631 nobody 0 0 0.8 /usr/local/apache/bin/httpd -DSSL
30216 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
30226 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
30551 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
30565 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
30566 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
30626 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
31952 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
7371 nobody 0 0 0.8 /usr/local/apache/bin/httpd -DSSL
8014 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
19596 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
6063 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
22040 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
23622 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
20247 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
21838 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24520 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24532 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24533 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
24534 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
27860 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
27869 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
27870 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
27871 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
27884 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
28514 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
28536 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
32195 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
5613 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
5624 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
8083 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
9302 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
3965 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
16017 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
16041 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
20049 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
20057 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
20058 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
20072 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
13424 nobody 0 0 0.6 /usr/local/apache/bin/httpd -DSSL
13952 nobody 0 0 0.7 /usr/local/apache/bin/httpd -DSSL
14199 nobody 0 0 0.6 /usr/local/apache/bin/httpd -DSSL
15818 root 0 0 1.6 whostmgrd - serving 87.3.84.117
15820 root 0 0 4.7 /usr/local/cpanel/whostmgr/bin/whostmgr2 ./top

------------------------------------------
i cant found any Pid used more CPU and MEM.


can you tell me :: who is nobody ???

[WebScHoLaR]

nobody is the Apache user and seems your server is running PHP as an Apache module thats why all PHP processes will run under the ownership of Apache user nobody. Probably your server is getting high HTTP traffic so you need to find the site that is receiving that traffic. You can check the Apache Status for it from WHM >> Server Status >> Apache Status that which site is getting much hits.

[jayh38]

Along with WebScHoLaR's comments, what is the "top" of top information. cpu, ram, tasks, etc etc.

Juding by the web users in that snapshot, things may be well improved with a bit more ram (we could know for sure if we had all the top info) and some server tweaking. For all we know, you could be running mostly on a swap file.

Is this a vps?

[persianwhois]

Hello,
Maybe you DDOS attacked.
check your httpd request by:

Code:

lynx localhost/whm-server-status

[cancer10]

Hello,
Maybe you DDOS attacked.
check your httpd request by:

Code:

lynx localhost/whm-server-status

What will that command do and where do i type that command?

[persianwhois]

What will that command do and where do i type that command?

You must login to your server with ssh