Overloaded server, load average sometimes over 100.0

Ramon Pego

Ramon Pego

Active Member
Mar 12, 2019
27
5
3
Brazil
cPanel Access Level
Root Administrator
Hello, at about the same time yesterday my server crashed, it was impossible to access the sites hosted on them, or even access the server via whm.foo.com
Today after the same thing happened, I managed to log in to the server after a while and saw that the load average was very high as mentioned above 100.
What really caught my attention was that the 2 were around the same time
11:20 America / Sao_Paulo Time.
I'll send some log files, i don't quite understand them

newest entrys on
Code: 
/var/log/messages

and
Code: 
/var/log/dmesg
 
Last edited by a moderator:
cPanelLauren

cPanelLauren

Technical Support Community Manager
Staff member
Nov 14, 2017
12,377
1,129
313
Houston
This looks like a brute force attack but all i see in the logs are Brute Force warnings from cPhulk (prior to removing the 3rd party link) The dmesg output is from reboot on and nothing prior so it's not extremely helpful.

What are you looking for when you're getting the log data from /var/log/messages
If the issue does occur again the lines of the log prior to reboot would be useful but even more useful would be behavior as it occurs. Some of the following may be:

Code: 
 netstat -plan|egrep 'tcp|udp' |awk '{print $5, $7}'|cut -d: -f1 |sort |uniq -c |sort -n
Also the following may be helpful in identifying the cause Tutorial - Troubleshooting high server loads on Linux servers
 
Ramon Pego

Ramon Pego

Active Member
Mar 12, 2019
27
5
3
Brazil
cPanel Access Level
Root Administrator
cPanelLauren said:
This looks like a brute force attack but all i see in the logs are Brute Force warnings from cPhulk (prior to removing the 3rd party link) The dmesg output is from reboot on and nothing prior so it's not extremely helpful.

What are you looking for when you're getting the log data from /var/log/messages
If the issue does occur again the lines of the log prior to reboot would be useful but even more useful would be behavior as it occurs. Some of the following may be:

Code: 
 netstat -plan|egrep 'tcp|udp' |awk '{print $5, $7}'|cut -d: -f1 |sort |uniq -c |sort -n
Also the following may be helpful in identifying the cause Tutorial - Troubleshooting high server loads on Linux servers
Click to expand...
Hello it just happened again, I'm waiting for the server to be accessible to try to recover the logs.
During the fall I can't get access.
I showed these logs at the suggestion of the company that owns the bare metal which i'm using for server, I am relatively new in this type of problem.
First time that occurs to me

I saw that you removed the logs about being third party links, where I can send them? Because here I can only send photos
 
You must log in or register to reply here.
Top Bottom