The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Easiest way to see who's causing the load.

Discussion in 'General Discussion' started by awells, Apr 16, 2006.

  1. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Just today somebody signed up on my hosting server, and the server load soared to over 20. I could barely log in to do a forced reboot. After that, everything seemed to calm down, but I would like to know what user caused that server overload. I was on the CPU usage page (when it could load), and it didn't seem to tell me much as to what user was causing the heavy load.

    One more thing, I got a weird alert today that said the following:
    ----------------------
    This alert is to notify the addressed users of new server sockets. New server sockets can indicate server-software that has been started on your host, or otherwise be an indication to malicious activity. It is advised to review this alert and investigate if needed.

    Following is a summary of new Internet Server Sockets:
    > > tcp 0 0 0.0.0.0:1 0.0.0.0:* LISTEN 3885/portsentry
    > > tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3885/portsentry
    ----------------------

    I'm not really sure on how I should go about investigating this. I made no recent changes. This email came in after I rebooted the server.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    There's nothing you can do within WHM, you'd need to go into shell and track down what processing are consuming resources.

    The message you've quoted is from an application you've installed from rfxnetworks.com ans isn't part of cPanel, it's conflicting with portsentry which is meant to attach to unused ports.
     
  3. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Ok, thanks for the info.
     
  4. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Rebooting a server when you have high load isnt going to help in the long run, generally it only fixed something temporarily. You should have waited, got into ssh and as Chirpy said see whats causing the problem.
     
  5. HostEmergency

    HostEmergency Well-Known Member

    Joined:
    Jun 15, 2004
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    BC, Canada
    I have the same issue except the server load was at 40.42 .
    the TOP process in ssh didn't tell me anything really.
    My server does this every couple of hours when server load runs up then crashes the server. Its a 3GHz P4 HT with 1 GB of ram and 10mbps connection. I can't seem to find the source myself either.
     
  6. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    in addition to top use these tools

    ps auxf
    strace -p <pid>
    lsof -p <pid>
     
Loading...

Share This Page