Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Need help in tracing httpd processes by nobody

Discussion in 'EasyApache' started by DeepXP, Mar 31, 2015.

  1. DeepXP

    DeepXP Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Internet
    cPanel Access Level:
    Root Administrator
    For past one week, 3-4 random nobody owned processes use 200-300% CPU usage each.

    I tried to trace it with the help of server support guys but looks like we are looking in the wrong direction.

    I thought, it might help me to trace the issues by getting views of cPanel forum members.

    Here are the details of server:

    CentOS 6.6
    Apache 2.4.12
    PHP 5.5.23

    Using suPHP and MPM Event, have enabled OPCache in php.ini too.

    We managed to trace the site but not able to locate the exact file. lsof for that process ID reveals requests to few IPs but no file name. We cannot suspend the site as it's huge and cannot afford to lose the client.

    No improvement in traffic since past one week.

    Any kind of pointers would really help us.
     
  2. DeepXP

    DeepXP Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Internet
    cPanel Access Level:
    Root Administrator
    Ok, after digging deeper and tracing it manually via disabling multiple files, I fixed it. The issue was due to one of the faulty rewrite rules.

    This was the rule:

    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example1\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example3\.com [NC,OR]
    RewriteRule .* – [F]
    ## STOP REFERRER SPAM ##

    Around 20 more such sites in the same pattern as above.
     
  3. JacobPerkins

    JacobPerkins Well-Known Member

    Joined:
    May 2, 2014
    Messages:
    619
    Likes Received:
    97
    Trophy Points:
    103
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Thanks for reporting back the fix! Debugging httpd processes is all sorts of fun.
     
    DeepXP likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice