The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpu load

Discussion in 'Workarounds and Optimization' started by GaryT, Jul 19, 2010.

  1. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    A client has suddenly started to have HUGE cpu usuage.
    I cannot figure out whats causing it or what file, I clicked TRACE but it shown me alot of gibberish - Any suggestions what I need to look for.
     
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    You need to find out the exact domain first to narrow down the investigation. If the load average goes high again, execute the following commands and paste the output here:

     
  3. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    Finished work and came on and it was fine, I emailed them asking to revert the changes they did, so they must have added something.

    Anyway - Once I find the user with the load - How would I check where its actually coming from, what PHP file.

    see I use TOP and it shows them all and what there using ect. The cmd you gave does also but if I wanna check futher to the exactl PHP file causing it what would I do.
     
  4. qisback

    qisback Member

    Joined:
    Aug 16, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    To solve this problem on my own servers I installed suphp.

    If you have suphp installed and enabled it shows the php file running as the actual user rather than "nobody". This also allows for the implementation of script execution times, i.e. they could be restricted to only run a php file for 30 seconds.

    i.e. by running "top" you will see the actual username running the php file.

    Then you have 2 ways to find out the actual file name in use, either:

    note the PID from top and track it through something like "ps -auxf | grep <PID>"
    i.e.
    Code:
    #ps -auxf  | grep 29721
    
    <username>      29721  0.4  0.3 126044 12748 ?        S    11:35   0:00      \_ /usr/bin/php /home/<username>/public_html/somefile.php
    .
    
    or press "c" whilst in top and it will show the full path of the file.
    i.e.
    Code:
    #top
      PID USER           PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    
    29721 <username>     15   0  123m  12m 8472 S  1.7  0.3   0:00.05 /usr/bin/php /home/<username>/public_html/somefile.php
    .
    
    This is however assuming that the load is being caused by a php script, and not by anything else. i.e. perl, bash, etc.

    You could find that the users site might have been compromised and that they're actually running something "shell" side, i.e. perl bots etc.

    The latest example of this would be the huge influx of e107 sites being compromised through the contacts.php page and then launching bot.pl from /tmp for a few hours at a time as the user nobody.

    I would check your /tmp for anything strange, and implement suphp if you haven't already.
    However please read up on suphp before installing it as there are some distinct differences between the implementations of php.

    I hope this helps, and good luck!
     
    #4 qisback, Jul 21, 2010
    Last edited: Jul 21, 2010
  5. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    Hello and thanks for the reply.

    I'am also using Litespeed PHP - This also shows the temport location, but the problem on the site is IPB releated.

    I did want to try suPHP but - some reason when I build the apache - and enable suphp and mod suphp - once built and I select suPHP nothing loads, No sites or anything !

    Its very strange indeed.

    The only addeons I use in apache is mem cache, disc cache, file cace, mode security, eaccelerator, bzip, fast cgi, mod fcgi and a few others what are alread enabled as default ( orange )

    It baffles me at times.

    Its all running fine now though, I just wish some how I can limit accounts CPU load, if something on a forum goes wrong then it wont affect anyone else.
     
  6. qisback

    qisback Member

    Joined:
    Aug 16, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    In which case lets see if we can't sort your suphp problem out, as I think this might help solve your original question.

    The basic steps for this are:

    - Use easyapache to compile "Mod SuPHP"
    - Configure suphp as your default handler
    - Restart httpd
    - Monitor /usr/local/apache/logs/suphp_log for errors
    - Have a headache with all the file permissions (files MUST be owned by the user, scripts have a maximum permission of 644 and folders of 755)

    Now for more detailed instructions, I personally use the ssh method however I will describe the WHM gui method best I can from memory.

    SSH - With Root Privs


    start easyapache
    Code:
    /scripts/easyapache
    You will see a text based version of easyapache. Use tab and enter to navigate through. When you reach the modules screen select "Exhaustive Options List", navigate to "Mod SuPHP" and press space to select. Save and Build

    Once built you will need to enable it.

    assuming your using php 5 the command line needed should look something like
    Code:
    /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1
    verify the change
    Code:
    #/usr/local/cpanel/bin/rebuild_phpconf –current
    
    Available handlers: suphp dso cgi none
    DEFAULT PHP: 5
    PHP4 SAPI: none
    PHP5 SAPI: suphp
    SUEXEC: enabled
    and now restart the httpd service

    Code:
    /scripts/restartsrv_httpd

    WHM Gui

    Start easyapache
    Code:
    Main >> Software >> EasyApache (Apache Update)
    
    Run through he configuration options

    Code:
    Previously Saved Config -> Start Customizing based On Profile
    -> Select Apache Version -> Next Step -> Select PHP Version
    -> Next Step -> Select Exhaustive Options List
    -> Select "Mod SuPHP" -> Next Step -> Save and Build
    Enable suphp
    Code:
    Main >> Service Configuration >>
    Apache Configuration >> PHP and SuExec Configuration
    
    Set PHP <version> handler -> suphp
    
    Save New Configuration
    You can monitor the suphp for errors using something like tail
    Code:
    tail -n50 /usr/local/apache/logs/suphp_log
    or tail to follow updates to the file ("live view")
    Code:
    tail /usr/local/apache/logs/suphp_log
    This is just a rough guide and I might have missed something out, however there are a huge amount of guides on this.

    The main problem you are likely to run into is "blank" and "broken" websites, most of the time these are related to permission errors.

     
  7. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    I done most of that you said, The problem is user permissions. I can change them very easily but the problem is telling clients what the permissions are, Mainly as all applications such as IPB, VB give the instructions for 755 and 777 based permissions, They will not know that this has to be changed to something different. This is the idea I don't like.

    I have gone back to step one.

    fastCGI - eAccelerator / OPCode and Litespeed PHP - I have optimized this to the very best I could same with the mysql.

    Now, Mainly I test this when bored, Now dont get me wrong things are running extremely well, 70+ IPB boards - 10+ wordpress and around 9VB boards, Loads, Well, They peak at an average 0.10 to 0.50 - Mem usuage, No swap used and averaging around 9% based on 4GB ram.

    Obviously my idea is based on more security, But speeds aswell is a MUST so I choose the above for speeds. Litespeed provides the security so I'm happy, But I do like to learn more!

    I do appreciate your replies guys.
     
Loading...

Share This Page