Easiest way to see who's causing the load.


Mar 18, 2006
Just today somebody signed up on my hosting server, and the server load soared to over 20. I could barely log in to do a forced reboot. After that, everything seemed to calm down, but I would like to know what user caused that server overload. I was on the CPU usage page (when it could load), and it didn't seem to tell me much as to what user was causing the heavy load.

One more thing, I got a weird alert today that said the following:
This alert is to notify the addressed users of new server sockets. New server sockets can indicate server-software that has been started on your host, or otherwise be an indication to malicious activity. It is advised to review this alert and investigate if needed.

Following is a summary of new Internet Server Sockets:
> > tcp 0 0* LISTEN 3885/portsentry
> > tcp 0 0* LISTEN 3885/portsentry

I'm not really sure on how I should go about investigating this. I made no recent changes. This email came in after I rebooted the server.


Well-Known Member
Verifed Vendor
Jun 15, 2002
Go on, have a guess
There's nothing you can do within WHM, you'd need to go into shell and track down what processing are consuming resources.

The message you've quoted is from an application you've installed from rfxnetworks.com ans isn't part of cPanel, it's conflicting with portsentry which is meant to attach to unused ports.


Well-Known Member
Jan 2, 2006
United Kingdom
Rebooting a server when you have high load isnt going to help in the long run, generally it only fixed something temporarily. You should have waited, got into ssh and as Chirpy said see whats causing the problem.


Well-Known Member
Jun 15, 2004
BC, Canada
I have the same issue except the server load was at 40.42 .
the TOP process in ssh didn't tell me anything really.
My server does this every couple of hours when server load runs up then crashes the server. Its a 3GHz P4 HT with 1 GB of ram and 10mbps connection. I can't seem to find the source myself either.