Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Need DDoS investigating help or high CPU cycle help

Discussion in 'General Discussion' started by Zuriel, Nov 6, 2018.

  1. Zuriel

    Zuriel Registered

    Joined:
    May 23, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Florida
    cPanel Access Level:
    Root Administrator
    So I need some help investigating an issue I had happen to my server yesterday. First, I have a shared VPS, and my hosting company will power off the VM if I have load over 5 for 5 minutes. Well i had a load over 10 - 20 for 10 hours. They shut me off over and over in the A.M. But i begged them to let my server stay online so I could try to disable stuff and get it to work.

    Needless to say, I turned off IMAP, EXIM, etc, etc, and my load was still way over 10 +

    my LDF / ClamAV, etc crashed and I got a high CPU load email one time showing apachestatus, and there was a few IPS doing "alot" of requests and POSTS with some malware type stuff blah blah.php xx.php virus.php etc. i have CXS scanner which usually chatches this stuff but it seemed my server was literally blowing up with CPU cycles that nothing was working and everything was just bomb / crashing / restarting / etc.

    I was about to give up and just tell every user on my server that the server got hacked / destroyed and here is their backup, cya later, etc. But eventually by the end of the day everything settled down, the server did some updates, things came back online, and here we are. But I am nervous / scared that I could have another day like that one...

    What can I do to find out what / why / who / how my server had such incredible load for 10 hours straight?

    Load_1 Min:0.00 Max:28.74 Avg:3.83
    Load_5 Min:0.15 Max:19.80 Avg:3.83
    Load_15 Min:0.31 Max:16.10 Avg:3.71

    28.74 for a 1 min load?? yikes!

    24_hour_load.jpg


    So you can see 9am - till 3pm? ish I was under major load.

    Here is my 30 day load so you can see how crazy this is.

    30_day_load.jpg

    Each little Jump is my weekly full server backup.

    So I guess my server was in the middle of a backup? and got some sort of insane load? or was DDoS? or I dont know why this week was different..

    What can I do to start investigating those blocks of hours to see exactly what / why this happened to my server?

    thanks!
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,472
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Zuriel


    Firstly after the fact it's so difficult to tell what caused the high load. The daily process log in WHM>>Server status>>Daily Process Log may be helpful still since it reserves high usage statistics averages. The forum resource should also prove helpful: Tutorial - Troubleshooting high server loads on Linux servers

    You might also find some information in the logs though it may not be too telling at this point:

    Code:
    /var/log/messages
    /etc/apache2/conf/httpd.conf
    Ultimately the best resource may be a system administrator. If you don't have one you might find one here: System Administration Services | cPanel Forums

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice