new server, high load but no traffic, no sites, completly emtpy server

[apogee]

hello,

i've got a new server installed 4 days ago, curently i'm testing the server. i've since 3 days a "high" load on this server but ther is nothing on it, no accounts, no traffic, just a fresh centos/cpanel setup.

let me show:

top - 13:19:59 up 4 days, 17:39,  1 user,  load average: 1.04, 0.98, 0.73
Tasks:  94 total,   1 running,  93 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0% us,  0.0% sy,  0.0% ni, 100.0% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:   8311500k total,   879392k used,  7432108k free,    71308k buffers
Swap:  4192956k total,        0k used,  4192956k free,   592992k cached

ps:

[root@newbox ~]# ps axuf
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  2264  548 ?        S    Aug05   0:00 init [3]
root         2  0.0  0.0     0    0 ?        S    Aug05   0:00 [migration/0]
root         3  0.0  0.0     0    0 ?        SN   Aug05   0:00 [ksoftirqd/0]
root         4  0.0  0.0     0    0 ?        S    Aug05   0:00 [migration/1]
root         5  0.0  0.0     0    0 ?        SN   Aug05   0:04 [ksoftirqd/1]
root         6  0.0  0.0     0    0 ?        S    Aug05   0:00 [migration/2]
root         7  0.0  0.0     0    0 ?        SN   Aug05   0:03 [ksoftirqd/2]
root         8  0.0  0.0     0    0 ?        S    Aug05   0:00 [migration/3]
root         9  0.0  0.0     0    0 ?        SN   Aug05   0:00 [ksoftirqd/3]
root        10  0.0  0.0     0    0 ?        S<   Aug05   0:00 [events/0]
root        14  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [khelper]
root        15  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [kacpid]
root        41  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [kblockd/0]
root        42  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [kblockd/1]
root        43  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [kblockd/2]
root        44  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [kblockd/3]
root        62  0.0  0.0     0    0 ?        S    Aug05   0:00  \_ [pdflush]
root        63  0.0  0.0     0    0 ?        S    Aug05   0:00  \_ [pdflush]
root        65  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [aio/0]
root        66  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [aio/1]
root        67  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [aio/2]
root        68  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [aio/3]
root        11  0.0  0.0     0    0 ?        S<   Aug05   0:00 [events/1]
root      1160  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [kauditd]
root        12  0.0  0.0     0    0 ?        S<   Aug05   0:00 [events/2]
root        13  0.0  0.0     0    0 ?        S<   Aug05   0:00 [events/3]
root       475  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [ata/0]
root       476  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [ata/1]
root       477  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [ata/2]
root       478  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [ata/3]
root       479  0.0  0.0     0    0 ?        S<   Aug05   0:00  \_ [ata_aux]
root        45  0.0  0.0     0    0 ?        S    Aug05   0:00 [khubd]
root        64  0.0  0.0     0    0 ?        S    Aug05   0:00 [kswapd0]
root       212  0.0  0.0     0    0 ?        S    Aug05   0:00 [kseriod]
root       452  0.0  0.0     0    0 ?        S    Aug05   0:00 [scsi_eh_0]
root       526  0.0  0.0     0    0 ?        S    Aug05   0:00 [scsi_eh_1]
root       527  0.0  0.0     0    0 ?        S    Aug05   0:12 [usb-storage]
root       534  0.0  0.0     0    0 ?        S    Aug05   0:00 [scsi_eh_2]
root       535  0.0  0.0     0    0 ?        S    Aug05   0:35 [usb-storage]
root       550  0.0  0.0     0    0 ?        S    Aug05   0:09 [kjournald]
root      1897  0.0  0.0  3564  528 ?        S<s  Aug05   0:00 udevd
root      2143  0.0  0.0     0    0 ?        S    Aug05   0:00 [kjournald]
root      2568  0.0  0.0     0    0 ?        S<   Aug05   0:00 [loop0]
root      2569  0.0  0.0     0    0 ?        S    Aug05   0:00 [kjournald]
root      2832  0.0  0.0  3504  516 ?        Ss   Aug05   0:01 syslogd -m 0
root      2836  0.0  0.0  2504  384 ?        Ss   Aug05   0:00 klogd -x
root      2849  0.0  0.0  2936  288 ?        Ss   Aug05   0:00 irqbalance
root      2893  0.0  0.0  5348  372 ?        Ss   Aug05   0:00 rpc.idmapd
root      2924  0.0  0.0  2744  436 ?        Ss   Aug05   0:00 /usr/sbin/acpid
root      3400  0.0  0.8 87388 73460 ?       Ssl  Aug05   0:07 /usr/sbin/clamd
mailnull  3406  0.0  0.0  8768 1752 ?        Ss   Aug05   0:00 /usr/sbin/exim -bd -oX 587
mailnull  3412  0.0  0.0  8560 1772 ?        Ss   Aug05   0:00 /usr/sbin/exim -bd -q60m
mailnull  3419  0.0  0.0  8160 1736 ?        Ss   Aug05   0:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
root      3459  0.0  0.0  3248  624 ?        Ss   Aug05   0:00 /usr/sbin/dovecot
root      3461  0.0  0.0  2688  880 ?        S    Aug05   0:02  \_ dovecot-auth
dovecot   3467  0.0  0.0  4044 1492 ?        S    Aug05   0:00  \_ pop3-login
dovecot   3468  0.0  0.0  5176 1492 ?        S    Aug05   0:00  \_ pop3-login
dovecot   3469  0.0  0.0  5496 1512 ?        S    Aug05   0:01  \_ imap-login
dovecot   3470  0.0  0.0  5172 1508 ?        S    Aug05   0:00  \_ imap-login
root      3471  0.0  0.0 11300 4996 ?        Ss   Aug05   0:15 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27678  0.0  0.0 11436 4448 ?        S    Aug07   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody   27679  0.0  0.0 11436 4444 ?        S    Aug07   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody   27680  0.0  0.0 11436 4444 ?        S    Aug07   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody   27681  0.0  0.0 11436 4448 ?        S    Aug07   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody   27682  0.0  0.0 11436 4444 ?        S    Aug07   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody    9685  0.0  0.0 11436 4444 ?        S    Aug08   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody   28644  0.0  0.0 11300 4388 ?        S    Aug08   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
root      3490  0.0  0.0  5372  920 ?        Ss   Aug05   0:00 crond
root      3581  0.0  0.0 14348 7600 ?        S    Aug05   0:00 cpdavd - accepting connections on 2077 and 2078
root      3586  0.0  0.0  5584 1764 ?        SN   Aug05   0:00 cpanellogd - sleeping for logs
root      3626  0.0  0.0  8288 5492 ?        Ss   Aug05   0:02 tailwatchd
dbus      3643  0.0  0.0  3620  800 ?        Ss   Aug05   0:00 dbus-daemon-1 --system
root      3656  0.0  0.0  5272 2684 ?        Ss   Aug05   0:54 hald
root      3681  0.0  0.0  1500  388 ?        Ss   Aug05   0:00 /usr/sbin/portsentry -tcp
root      3733  0.0  0.0  2688  400 tty1     Ss+  Aug05   0:00 /sbin/mingetty tty1
root      3734  0.0  0.0  2256  396 tty2     Ss+  Aug05   0:00 /sbin/mingetty tty2
root      3735  0.0  0.0  2760  400 tty3     Ss+  Aug05   0:00 /sbin/mingetty tty3
root      3736  0.0  0.0  3232  400 tty4     Ss+  Aug05   0:00 /sbin/mingetty tty4
root      3737  0.0  0.0  2352  400 tty5     Ss+  Aug05   0:00 /sbin/mingetty tty5
root      3738  0.0  0.0  3236  396 tty6     Ss+  Aug05   0:00 /sbin/mingetty tty6
root     22686  0.0  0.0  7600 2348 ?        Ss   Aug06   0:04 sshd: root@pts/0
root     22689  0.0  0.0  4804 1456 pts/0    Ss   Aug06   0:00  \_ -bash
root     29426  0.0  0.0  3172  780 pts/0    R+   13:20   0:00      \_ ps axuf
root     22822  0.0  0.0  5860 1032 ?        Ss   Aug06   0:00 /usr/sbin/sshd
root     22971  0.0  0.0  6572 1396 ?        Ss   Aug06   0:00 pure-ftpd (SERVER)
root     22974  0.0  0.0  7012  880 ?        S    Aug06   0:00 /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth
root     15953  0.0  0.1 18328 13024 ?       Ss   00:00   0:07 lfd - sleeping
root     16861  0.0  0.2 25992 23488 ?       Ss   00:50   0:01 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid --max-children=5
root     16981  0.0  0.2 26192 23228 ?       S    00:50   0:14  \_ spamd child
root     16982  0.0  0.2 25992 22444 ?       S    00:50   0:00  \_ spamd child
root     16975  0.0  0.0 17100 8040 ?        S    00:50   0:00 cpsrvd - waiting for connections
root     29401  0.0  0.1 17060 8340 ?        S    13:19   0:00  \_ whostmgrd - serving 212.00.00.00
root     29421  0.0  0.0     0    0 ?        Z    13:20   0:00  \_ [cpsrvd-ssl] <defunct>

hardware:

[root@newbox ~]# cat /proc/cpuinfo | grep 'model name'
model name      : Intel(R) Xeon(TM) CPU 3.20GHz
model name      : Intel(R) Xeon(TM) CPU 3.20GHz
model name      : Intel(R) Xeon(TM) CPU 3.20GHz
model name      : Intel(R) Xeon(TM) CPU 3.20GHz

[root@newbox ~]# cat /proc/meminfo | grep MemTotal
MemTotal:      8311500 kB

Any idea whats wrong with my new box?

BTW: I use raid 1 on 15k u320 SCSI disks with lsi scsi raid controller

 

[thewebhosting]

Few apache processes are running. Also, somebody is trying to access WHM from IP address 212.00.00.00. Rest of the things seems to be fine.

Please continuously check the load using top -c and provide updated screen if you find high server load.

 

[zigzam]

Did you figure out what was wrong? I have the same problem.

 

[AR15Armory]

I am also experiencing this as well, but my server is up and running what is causing this and how to fix it.

/usr/sbin/clamd

 

[Spiral]

Apogee, is this a VPS, Dedicated, or Cloud?

If your server is a traditional VPS, you may be seeing load levels coming from the other VPS servers on the same machine.

 

[zigzam]

Server in my case

 

[AR15Armory]

I am also dedicated server with only 5 sites on it.

 

[zigzam]

Here are the full details on my issue:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=21941&forum=37

 

[Spiral]

I am also dedicated server with only 5 sites on it.

Ok, I would have to look deeper then in that case if you are dedicated ...

It could possibly be a configuration issue, a hardware problem, or possibly whoever had the IP before you had a lot of traffic (check netstat) and causing your server to load prematurely.

Either way, would probably need a bit more information to determine more precisely what is going on here.

 

[AR15Armory]

Well I got to looking around more and thought it was something to do with the SpamAssassin, so I restarted the following services not wanting to restart Apache, after wards the CPU high load percentage was gone.
Mail Server
POP3 Server
SQL Server
SSH Server