The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help in tracing httpd processes by nobody

Discussion in 'EasyApache' started by DeepXP, Mar 31, 2015.

  1. DeepXP

    DeepXP Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Internet
    cPanel Access Level:
    Root Administrator
    For past one week, 3-4 random nobody owned processes use 200-300% CPU usage each.

    I tried to trace it with the help of server support guys but looks like we are looking in the wrong direction.

    I thought, it might help me to trace the issues by getting views of cPanel forum members.

    Here are the details of server:

    CentOS 6.6
    Apache 2.4.12
    PHP 5.5.23

    Using suPHP and MPM Event, have enabled OPCache in php.ini too.

    We managed to trace the site but not able to locate the exact file. lsof for that process ID reveals requests to few IPs but no file name. We cannot suspend the site as it's huge and cannot afford to lose the client.

    No improvement in traffic since past one week.

    Any kind of pointers would really help us.
     
  2. DeepXP

    DeepXP Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Internet
    cPanel Access Level:
    Root Administrator
    Ok, after digging deeper and tracing it manually via disabling multiple files, I fixed it. The issue was due to one of the faulty rewrite rules.

    This was the rule:

    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example1\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example3\.com [NC,OR]
    RewriteRule .* – [F]
    ## STOP REFERRER SPAM ##

    Around 20 more such sites in the same pattern as above.
     
  3. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    509
    Likes Received:
    64
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Thanks for reporting back the fix! Debugging httpd processes is all sorts of fun.
     
    DeepXP likes this.
Loading...

Share This Page