The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Load problem caused by one account

Discussion in 'General Discussion' started by asiams, Nov 28, 2007.

  1. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Hello,

    I have a customer whose account is causing the server CPU load high occasionally.

    I have ran hotsanic running to monitor the load, and each time this customer's account has high CPU time, the cpu load goes high. This tells me this particular account is causing the load.

    Now, how can I pin point which script is causing this problem?

    Anyone has similar experience like this?

    Any idea?

    Thanks.

    asiams
     
  2. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Added information

    Here is what I get from the server report:

    This is an automated status warning from server22.kchosting.jp. The process (1916) has exceeded defined resource limits, as such a kill signal was invoked from the process resource monitor.

    - Event Summary:
    USER: tracehp
    PID : 1916
    CMD : spamd
    CPU%: 46 (limit: 40)
    MEM%: 1 (limit: 20)
    PROCS: 4 (limit: 25)

    In one day, I get these reports over 20.

    Here is the load warning report:

    tracehp 6400 36.0 1.6 38760 33976 ? R 07:31 41:01 \_ spamd child
    tracehp 6648 22.4 1.7 41696 37024 ? R 07:34 25:01 \_ spamd child
    tracehp 1916 22.4 1.5 34268 31300 ? R 09:02 5:08 \_ spamd child

    The domain name is arttrace.org.

    Here is my server setup:

    WHM 11.11.0 cPanel 11.15.0-C18033
    CENTOS Enterprise 4.5 i686 on standard - WHM X v3.1.0

    Thank you in advance.

    asiams
     
    #2 asiams, Nov 28, 2007
    Last edited: Nov 28, 2007
  3. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    ConfigServer Security & Firewall - csf v2.92

    Hello again,

    I have ConfigServer Security & Firewall - csf v2.92 working on my server.

    Can this script identify any DDOS attack and kill the process automatically?

    My server load can be from DDOS attack and would like to know any prevention methods.

    Thanks.

    asiams
     
  4. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Can Movable Type cause server load?

    Hello,

    I have found this account uses movable type version 3. Can older version of MT cause the server load high?

    Maybe this site invites free submit to the blog site?

    I have to check this, but would like to hear if you had the similar experiences.

    If so, please reply to this.

    Thanks.

    asiams
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you look over your settings for CSF you will find ways of stopping many problems. Even tarring up files if needed to stop an issue.
    You should watch your logs closely to see if they reveal anything as well. One of my favorite ways of doing this is using http://www.logview.org


    movable type is at version 4 now http://www.movabletype.org/ and there may be some exploits to be concerned about, or poorly coded plugins that could be causing the problems. Any time you see an out of date script, thats the first place to start. Get it upgraded or suspend the account. (always gets the users attention quickly) ;)

    My guess is if you've configured your CSF correctly it would stop the issue and/or at least alert you to some idea of whats going on.


    Flying blind really sucks, CSF and logview can help you "see" things more clearly. IMHO. :)
     
  6. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Thank you

    Hello Infopro,

    Thank you for your input.

    I wanted to download the logview, but their server is having problem with internal error.

    I will wait until their site is up again.

    So, I will start to look for the old scripts carefully and see what I can find.

    I need to look carefully about the setup for CSF closely. Is there any suggestive settings with some reasons you can recommend?

    Thanks.

    asiams
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    For starters, go to firewall security level and set it to high. Do you have mod_security installed? If not install that as well. I'll fire of an email to logview about his site.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hmm, his mail is down as well.
     
  9. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Mod_security on

    Hello InfoPro,

    Thank you for your input.

    I have changed the csf's security level to high now.

    Yes, I have installed mod_security.

    Somehow logview.org site is not accessible with internal server error. Hmmm

    Do you know other site besides logview.org where I can download the software?

    Thanks.

    asiams
     
  10. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    Drop me a pm, i will mail it to you.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I looked around my drive and online for it and had no luck. It's a simple small script, maybe you could attach it here for others.
     
  12. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Report after firewall to high

    Hello,

    Here is the hotsanic report of the CPU load for hour/day/week/month.

    Please take a look at them and see every a couple of hour, the load rises to over 20 for a short while, then it goes down under 2 per a minute. Weired to me.

    It never happened to this server. If you take a look at the month report, this began to happen around week 45.

    Then this crazy high load began on a regular base.

    Still I do not have a clue for the high load. I am still looking into the old scripts to pin point.

    Any suggestions are greatly appreciated.

    asiams
     

    Attached Files:

  13. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    I sent you a link for an older version but it works fine. You can easily upgrade once the dev site is back online.
     
  14. xisn

    xisn Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    128
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    logview.org

    Sorry guys, had some sessions issues on the server after an update to PHP/Apache2

    Server is back up and running and ready for you if needed...
     
Loading...

Share This Page