lfd: High 5 minute load average alert - 37.96

[partsace]

Time: Mon Apr 7 15:52:52 2008
1 Min Load Avg: 105.35
5 Min Load Avg: 37.96
15 Min Load Avg: 13.98
Running/Total Processes: 1/345

Output from ps:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2356 128 ? S Apr01 0:09 init [3]
root 2 0.0 0.0 0 0 ? S Apr01 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Apr01 0:01 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S Apr01 0:00 [migration/1]
root 5 0.0 0.0 0 0 ? SN Apr01 0:01 [ksoftirqd/1]
root 6 0.0 0.0 0 0 ? S Apr01 0:06 [migration/2]
root 7 0.0 0.0 0 0 ? SN Apr01 0:00 [ksoftirqd/2]
root 8 0.0 0.0 0 0 ? S Apr01 0:00 [migration/3]
root 9 0.0 0.0 0 0 ? SN Apr01 0:00 [ksoftirqd/3]
root 10 0.0 0.0 0 0 ? S< Apr01 0:01 [events/0]
root 14 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [khelper]
root 15 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [kacpid]
root 63 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [kblockd/0]
root 64 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [kblockd/1]
root 65 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [kblockd/2]
root 66 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [kblockd/3]
root 87 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [aio/0]
root 88 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [aio/1]
root 89 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [aio/2]
root 90 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [aio/3]
root 11 0.0 0.0 0 0 ? S< Apr01 0:00 [events/1]
root 1043 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [kauditd]
root 12 0.0 0.0 0 0 ? S< Apr01 0:00 [events/2]
root 28543 0.0 0.0 0 0 ? S 02:25 0:21 \_ [pdflush]
root 13 0.0 0.0 0 0 ? S< Apr01 0:00 [events/3]
root 540 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [ata/0]
root 541 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [ata/1]
root 542 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [ata/2]
root 543 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [ata/3]
root 544 0.0 0.0 0 0 ? S< Apr01 0:00 \_ [ata_aux]
root 8110 0.0 0.0 0 0 ? S 06:56 0:00 \_ [pdflush]
root 67 0.0 0.0 0 0 ? S Apr01 0:00 [khubd]
root 86 0.0 0.0 0 0 ? S Apr01 5:57 [kswapd0]
root 234 0.0 0.0 0 0 ? S Apr01 0:00 [kseriod]
root 505 0.0 0.0 0 0 ? S Apr01 0:00 [scsi_eh_0]
root 506 0.0 0.0 0 0 ? S Apr01 0:10 [usb-storage]
root 526 0.0 0.0 0 0 ? S Apr01 0:00 [scsi_eh_1]
root 527 0.0 0.0 0 0 ? S Apr01 0:00 [aacraid]
root 550 0.0 0.0 0 0 ? S Apr01 0:00 [scsi_eh_2]
root 551 0.0 0.0 0 0 ? S Apr01 0:00 [scsi_eh_3]
root 565 0.0 0.0 0 0 ? D Apr01 7:53 [kjournald]
root 1801 0.0 0.0 2152 84 ? S<s Apr01 0:00 udevd
root 2086 0.0 0.0 0 0 ? S Apr01 0:00 [kjournald]
root 2087 0.0 0.0 0 0 ? S Apr01 0:00 [kjournald]
root 5055 0.0 0.0 1724 204 ? Ds Apr01 0:58 syslogd -m 0
root 5059 0.0 0.0 2888 196 ? Ss Apr01 0:03 klogd -x
root 5072 0.0 0.0 3436 272 ? Ss Apr01 0:01 irqbalance
named 5084 1.1 2.3 116980 48392 ? Ssl Apr01 96:06 /usr/sbin/named -u named
root 5235 0.0 0.0 3140 72 ? Ss Apr01 0:00 /usr/sbin/acpid
root 5290 0.0 0.0 5088 296 ? Ss Apr01 0:00 /usr/sbin/sshd
root 5303 0.0 0.0 3308 132 ? Ss Apr01 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
ntp 5315 0.0 0.2 5428 5428 ? SLs Apr01 0:08 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root 5324 0.0 0.0 6200 712 ? S Apr01 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/ns1.oemparts.net.pid
mysql 5348 6.5 1.2 136028 26936 ? Sl Apr01 561:27 \_ /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/ns1.oemparts.net.pid --skip-external-locking
postgres 5408 0.0 0.0 19872 1268 ? S Apr01 0:06 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
postgres 5410 0.0 0.0 10496 976 ? S Apr01 0:00 \_ postgres: stats buffer process
postgres 5411 0.0 0.0 9504 504 ? S Apr01 0:00 \_ postgres: stats collector process
root 5432 0.0 0.1 8048 3344 ? S Apr01 0:04 chkservd
mailnull 8141 0.0 0.0 9392 1060 ? Ss Apr01 0:57 /usr/sbin/exim -bd -q60m
mailnull 27677 0.5 0.0 9408 684 ? S 15:49 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28007 0.6 0.0 9424 948 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28009 0.5 0.0 9448 1120 ? D 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28011 0.9 0.0 9400 604 ? S 15:50 0:01 \_ /usr/sbin/exim -bd -q60m
mailnull 28012 0.3 0.0 9424 1204 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28013 0.4 0.0 9424 948 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28014 0.6 0.0 9424 952 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28015 0.3 0.0 9424 952 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28016 0.5 0.0 9424 948 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28017 0.4 0.0 9424 948 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28018 0.3 0.0 9400 604 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28019 0.6 0.0 9424 952 ? S 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28020 0.4 0.0 9408 1056 ? D 15:50 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28043 0.3 0.0 9424 952 ? S 15:51 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28044 0.5 0.0 9400 592 ? S 15:51 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28072 0.2 0.0 9400 604 ? S 15:51 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28073 0.7 0.0 9400 592 ? S 15:51 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28074 0.3 0.0 9400 604 ? S 15:51 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28085 1.1 0.0 9400 608 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28086 0.2 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28087 1.2 0.0 9400 592 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28088 0.2 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28089 1.0 0.0 9400 608 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28090 0.2 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28091 0.0 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28092 0.4 0.0 9400 608 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28093 0.8 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28094 0.0 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28095 1.0 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28096 1.0 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28097 1.7 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28098 1.8 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28099 0.6 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28100 0.3 0.0 9400 592 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28101 0.3 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28102 0.6 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28103 1.4 0.0 9400 608 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28106 0.0 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28107 0.4 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28108 1.2 0.0 9400 608 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28109 0.5 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28110 0.3 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28111 0.6 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28112 0.5 0.0 9400 604 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28132 0.0 0.0 9400 592 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28144 1.2 0.0 9400 592 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28153 1.7 0.0 9400 768 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 28154 0.0 0.0 9400 772 ? S 15:52 0:00 \_ /usr/sbin/exim -bd -q60m
mailnull 8146 0.0 0.0 8392 1028 ? Ss Apr01 0:00 /usr/sbin/exim -tls-on-connect -bd -oX 465

(Complete log file attached)

Does anyone see a problem with this? I can't figure it out.

Thanks,

C. Scott Williams

 

[Ghulam Yaseen]

solution....

(Complete log file attached)

Does anyone see a problem with this? I can't figure it out.

Thanks,

C. Scott Williams

Kindly kill all the exim processes on your server by executing the commands....

• KILLALL -9 exim

http://forums.cpanel.net/images/icons/icon11.gif
Red face

• Now restart the exim and have a good day

 

[partsace]

Server Load 107.99 (4 cpus)
Memory Used 89.7 %

Time: Tue Apr 8 09:12:31 2008
1 Min Load Avg: 38.78
5 Min Load Avg: 11.34
15 Min Load Avg: 4.20
Running/Total Processes: 6/306

I think I may have another problem.

Thanks for your help Ghulam,

Scott

 

[partsace]

I have completely stop Exim and I still have the server load problems.

Server Load 2.95 (4 cpus)
Memory Used 94.7 %

7 seconds later:

Server Load 102.95 (4 cpus)
Memory Used 10.7 %

When the memory gets up that high, the server load then shoots to the moon and the memory used drops to normal, but the server load is very high.

Where do I need to look to start to fix this problem.

Scott

 

[WebHostDog]

Seems somebody is sending a lot of emails which is cauing the load. Check your email queue.

 

[partsace]

Someone put a script on my server and have sent out over 10,000 emails to people in Europe. But it was an easy fix and all is good now.

I got this:

HACKED BY Casanova

Greatz: KİN(MT) | SAYKO |DARKWORK | By-KİKİ |

contact:Www.Bordobereliler.Net

I had a 777 image directory with osCommerce and they uploaded a few files through an unsecured admin section. Here are the names of the files they uploaded:

0,php, 01.txt, c.php, CollectAnswers.php, header.html, index.html, ini.php, question.html, signon.html, signon.php, and win.php

I am posting this information in case someone else has an issue with Casanova.

Scott