So I need some help investigating an issue I had happen to my server yesterday. First, I have a shared VPS, and my hosting company will power off the VM if I have load over 5 for 5 minutes. Well i had a load over 10 - 20 for 10 hours. They shut me off over and over in the A.M. But i begged them to let my server stay online so I could try to disable stuff and get it to work.
Needless to say, I turned off IMAP, EXIM, etc, etc, and my load was still way over 10 +
my LDF / ClamAV, etc crashed and I got a high CPU load email one time showing apachestatus, and there was a few IPS doing "alot" of requests and POSTS with some malware type stuff blah blah.php xx.php virus.php etc. i have CXS scanner which usually chatches this stuff but it seemed my server was literally blowing up with CPU cycles that nothing was working and everything was just bomb / crashing / restarting / etc.
I was about to give up and just tell every user on my server that the server got hacked / destroyed and here is their backup, cya later, etc. But eventually by the end of the day everything settled down, the server did some updates, things came back online, and here we are. But I am nervous / scared that I could have another day like that one...
What can I do to find out what / why / who / how my server had such incredible load for 10 hours straight?
Load_1 Min:0.00 Max:28.74 Avg:3.83
Load_5 Min:0.15 Max:19.80 Avg:3.83
Load_15 Min:0.31 Max:16.10 Avg:3.71
28.74 for a 1 min load?? yikes!
So you can see 9am - till 3pm? ish I was under major load.
Here is my 30 day load so you can see how crazy this is.
Each little Jump is my weekly full server backup.
So I guess my server was in the middle of a backup? and got some sort of insane load? or was DDoS? or I dont know why this week was different..
What can I do to start investigating those blocks of hours to see exactly what / why this happened to my server?
thanks!
Needless to say, I turned off IMAP, EXIM, etc, etc, and my load was still way over 10 +
my LDF / ClamAV, etc crashed and I got a high CPU load email one time showing apachestatus, and there was a few IPS doing "alot" of requests and POSTS with some malware type stuff blah blah.php xx.php virus.php etc. i have CXS scanner which usually chatches this stuff but it seemed my server was literally blowing up with CPU cycles that nothing was working and everything was just bomb / crashing / restarting / etc.
I was about to give up and just tell every user on my server that the server got hacked / destroyed and here is their backup, cya later, etc. But eventually by the end of the day everything settled down, the server did some updates, things came back online, and here we are. But I am nervous / scared that I could have another day like that one...
What can I do to find out what / why / who / how my server had such incredible load for 10 hours straight?
Load_1 Min:0.00 Max:28.74 Avg:3.83
Load_5 Min:0.15 Max:19.80 Avg:3.83
Load_15 Min:0.31 Max:16.10 Avg:3.71
28.74 for a 1 min load?? yikes!
So you can see 9am - till 3pm? ish I was under major load.
Here is my 30 day load so you can see how crazy this is.
Each little Jump is my weekly full server backup.
So I guess my server was in the middle of a backup? and got some sort of insane load? or was DDoS? or I dont know why this week was different..
What can I do to start investigating those blocks of hours to see exactly what / why this happened to my server?
thanks!
