High load on server caused by PHP-FPM

[anton_latvia]

The reason for the high load can be anything - not exactly FPM. High number indicates there are many active processes, so if PHP processes is locked in memory for some reason - it will add extra number there. The reason for the lock is not always obvious, although something you can clearly see and do. You should limit number of PHP-FPM processes. Slow log is a good stuff, but you should examine Apache status and see, if there is some IP or URL, that repeats - very often spammers or hijackers attack wordpress login scripts and that can easily generate this kind of load. Sometimes broken MySQL table can give troubles, especially on the old sites. If this has happenned just once - then most likely it was some sort of attack on some script.

 

[ziadmm0]

The reason for the high load can be anything - not exactly FPM. High number indicates there are many active processes, so if PHP processes is locked in memory for some reason - it will add extra number there. The reason for the lock is not always obvious, although something you can clearly see and do. You should limit number of PHP-FPM processes. Slow log is a good stuff, but you should examine Apache status and see, if there is some IP or URL, that repeats - very often spammers or hijackers attack wordpress login scripts and that can easily generate this kind of load. Sometimes broken MySQL table can give troubles, especially on the old sites. If this has happenned just once - then most likely it was some sort of attack on some script.

Yes you are right. It was brute-force attack.
I installed mod_evasive and I have added some security codes in PHP and everything is good now.

Thank you all for your help. I will save this page for future using.

Peace.

 

[cPanelLauren]

Thank you @Jcats for all the advice in this thread! @ziadmm0 I'm glad to see you were able to find a solution that resolved the issue - please don't hesitate to let us know if you have any further questions or concerns or if you run into any further issues!

 

[MikePav]

Jcats solution worked for me. Thanks for the walk-though on this, my server load has decreased significantly.

My only issue is I cannot dive into the cause deeper because my access-logs folder does not have any files associated with my domains, or any files period, and when I try to create a new log file, I get an error.

ERROR: Could not create file "example.com.log" in /home/examplecom/var/log/apache2/domlogs/examplecom: Directory /home/examplecom/var/log/apache2/domlogs/examplecom does not exist.

All of my error logs are contained within the logs folder at the root of my file manager. When I try to access the php.slow.log file, it's permissions are set to 0600 and I am unable to change them or view the file. I am the root user.

 

[cPRex]

@MikePav - could you create a ticket with our support team so we can look into that issue? There could be several different things going on with Apache and logging that could explain that behavior.

 

[MikePav]

@MikePav - could you create a ticket with our support team so we can look into that issue? There could be several different things going on with Apache and logging that could explain that behavior.

I have an open ticket at the moment already, #94408397, which I am about to update.

 

[cPRex]

Thanks for that reply - it seems there is a bit more going on with that system than just PHP-FPM, as you also mentioned a DoS attack and some other issues on the AWS side.

For public hosting, especially where you don't personally control all the sites, it might be a good idea to look into a tool like CloudLinux as that would let you limit the resources for individual domains on the server. That can be done manually for domains that are causing problems, or inside of an account package so you can assign plans with various levels of resource usage to your clients.

For more details about the CloudLinux software, which can be purchased through the cPanel store, their Introduction page is a great place to start:

Introduction

CloudLinux OS Shared is designed for shared hosting providers. It isolates each customer into a separate “Lightweight Virtualized Environment” (LVE), which allocates and limits server resources, like memory, CPU and the number of simultaneous connections, for each web hosting tenant. This...

docs.cloudlinux.com