Is This A DDos Attack?

I'm no expert, but it looks like it could be. cPanel are experts though, and are most likely right.

During the high load, do you have problems connecting to the server and/or slow download speeds?

Ben

 

Run this command and see if there is anyone connected with an excessive amount of connections:

Code:

netstat -tn --inet 2> /dev/null| grep ":80" | awk '/tcp[\ ]*[0-9]+[\ ]*[0-9]+[\ ]+[^\ ]+[\ ]*[^\ ]*/ { print $5; }' | cut -d":" -f1 | sort | uniq -c | sort -n

Do you have any PHP/MySQL scripts on your server? If so, do you have nay cache software like APC? I had a similar issue with my forum a couple of years ago and installing eaccelerator helped tremendously.

 

Your process list is ranked by PID rather than CPU load but the highest usage appears to be mysql:

mysql 3148 7.4 14.1 427004 293608 ? S<l Sep09 170:28 \_ /usr/sbin/mysqld --basedir=/
--datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/lt.bilhost.com.pid --skip-external-locking


There doesn't seem to be any pattern in the users under apache processes, although the logs would give you a better idea, so it wouldn't appear that any one site is getting slammed. Someone could hit a users mysql 'search' fast enough on a large database to create these kind of problems and but you have to eyeball the apache processes or apache logs to find it.

try increasing the amount of memory mysql is allowed to use for searches and sorts in /etc/my.cnf. Maybe increase the number of connections also.

 

All crontab's are under "/var/spool/cron" and I'd look at 'root', if I were you. If you have backup's enabled (and I assume you do), see when they run.
The next thing to check would be when the stats run for each site and what kind of stats you have enabled. Some take up more system resources than others.

 

Lots of things, depending on your sites, hardware, traffic, scripts, any number of things.

Open an SSH session around that time and leave 'top' running. Watch for the CPU load to go up or a surge in the number of certain types of processes, swap increasing, etc. Could be a user updating his forum database and rebuilding his pages every day at that time.

 

time to get out of the hosting business, I think ......

 

If I were you I would check out the user: inanilma account.

There seems to be a few PHP processes from that user adding to the server load and they could be the source of the problem.