The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

server load :-( - help!!!!!

Discussion in 'General Discussion' started by c0i0t3, Feb 6, 2006.

  1. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
    I am passing for a great problem, my server if it keeps with load maximum of 2


    18:53:28 up 50 min, 2 users, load average: 1.44, 1.72, 1.76
    18:53:33 up 50 min, 2 users, load average: 1.48, 1.72, 1.76
    18:53:38 up 50 min, 2 users, load average: 1.60, 1.75, 1.76
    18:53:43 up 50 min, 2 users, load average: 1.47, 1.72, 1.75
    18:53:48 up 50 min, 2 users, load average: 1.36, 1.69, 1.75
    18:53:53 up 50 min, 2 users, load average: 1.25, 1.66, 1.74
    18:53:58 up 50 min, 2 users, load average: 1.15, 1.63, 1.73
    18:54:03 up 50 min, 2 users, load average: 1.29, 1.65, 1.73
    18:54:08 up 50 min, 2 users, load average: 1.35, 1.66, 1.73
    18:54:13 up 50 min, 2 users, load average: 1.40, 1.66, 1.73
    18:54:19 up 50 min, 2 users, load average: 1.53, 1.69, 1.74
    18:54:24 up 50 min, 2 users, load average: 1.41, 1.66, 1.73
    18:54:29 up 51 min, 2 users, load average: 1.29, 1.63, 1.72
    18:54:34 up 51 min, 2 users, load average: 1.35, 1.64, 1.72
    18:54:39 up 51 min, 2 users, load average: 1.40, 1.64, 1.72
    18:54:44 up 51 min, 2 users, load average: 1.61, 1.68, 1.74
    18:54:49 up 51 min, 2 users, load average: 1.48, 1.65, 1.73
    18:54:54 up 51 min, 2 users, load average: 1.44, 1.64, 1.72
    18:54:59 up 51 min, 2 users, load average: 1.41, 1.63, 1.72
    18:55:04 up 51 min, 2 users, load average: 1.37, 1.62, 1.71
    18:55:09 up 51 min, 2 users, load average: 1.34, 1.61, 1.71
    18:55:14 up 51 min, 2 users, load average: 1.24, 1.58, 1.70
    18:55:19 up 51 min, 2 users, load average: 1.14, 1.56, 1.69
    18:55:24 up 51 min, 2 users, load average: 1.05, 1.53, 1.68
    18:55:29 up 52 min, 2 users, load average: 1.12, 1.54, 1.68
    18:55:34 up 52 min, 2 users, load average: 1.19, 1.54, 1.69
    18:55:39 up 52 min, 2 users, load average: 1.10, 1.52, 1.68
    18:55:44 up 52 min, 2 users, load average: 1.17, 1.53, 1.68
    18:55:49 up 52 min, 2 users, load average: 1.07, 1.50, 1.67
    18:55:54 up 52 min, 2 users, load average: 0.99, 1.48, 1.66
    18:55:59 up 52 min, 2 users, load average: 0.91, 1.45, 1.65
    18:56:04 up 52 min, 2 users, load average: 0.92, 1.44, 1.65
    18:56:09 up 52 min, 2 users, load average: 0.84, 1.42, 1.64
    18:58:54 up 55 min, 2 users, load average: 1.43, 1.43, 1.60
    18:58:59 up 55 min, 2 users, load average: 1.47, 1.44, 1.61
    18:59:04 up 55 min, 2 users, load average: 1.76, 1.50, 1.62
    18:59:09 up 55 min, 2 users, load average: 1.86, 1.52, 1.63
    18:59:14 up 55 min, 2 users, load average: 1.87, 1.53, 1.63
    18:59:19 up 55 min, 2 users, load average: 1.88, 1.54, 1.64
    18:59:24 up 55 min, 2 users, load average: 2.13, 1.60, 1.65
    18:59:29 up 56 min, 2 users, load average: 2.12, 1.60, 1.66
    18:59:34 up 56 min, 2 users, load average: 2.11, 1.61, 1.66
    18:59:39 up 56 min, 2 users, load average: 2.18, 1.63, 1.66
    18:59:44 up 56 min, 2 users, load average: 2.08, 1.62, 1.66
    18:59:49 up 56 min, 2 users, load average: 2.00, 1.61, 1.66
    18:59:54 up 56 min, 2 users, load average: 2.16, 1.65, 1.67
    18:59:59 up 56 min, 2 users, load average: 2.06, 1.64, 1.66
    19:00:04 up 56 min, 2 users, load average: 2.06, 1.65, 1.67
    19:00:09 up 56 min, 2 users, load average: 1.97, 1.63, 1.66
    19:00:14 up 56 min, 2 users, load average: 1.90, 1.62, 1.66
    19:00:19 up 56 min, 2 users, load average: 1.74, 1.60, 1.65
    19:00:24 up 56 min, 2 users, load average: 1.76, 1.60, 1.65
    295 processes: 291 sleeping, 4 running, 0 zombie, 0 stopped
    CPU states: cpu user nice system irq softirq iowait idle
    total 19.8% 0.0% 1.1% 0.0% 0.1% 4.3% 74.2%
    cpu00 40.0% 0.0% 1.1% 0.1% 0.7% 1.1% 56.5%
    cpu01 19.1% 0.0% 0.9% 0.0% 0.1% 0.7% 78.8%
    cpu02 10.7% 0.0% 1.3% 0.0% 0.0% 3.5% 84.2%
    cpu03 9.5% 0.0% 1.1% 0.0% 0.0% 11.7% 77.4%
    Mem: 2075332k av, 2019112k used, 56220k free, 0k shrd, 67312k buff
    1712444k active, 217640k inactive
    Swap: 2040212k av, 0k used, 2040212k free 485052k cached

    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    10866 nobody 15 0 27972 16M 2248 S 0.6 0.8 0:12 0 httpd
    10886 nobody 15 0 28712 17M 2288 S 0.6 0.8 0:16 0 httpd
    22611 nobody 15 0 27396 16M 2216 S 0.6 0.7 0:05 0 httpd
    10804 nobody 16 0 29612 18M 2292 R 0.4 0.9 0:14 1 httpd
    10907 nobody 16 0 27848 16M 2292 S 0.4 0.8 0:15 2 httpd
    10743 nobody 16 0 29048 17M 2356 S 0.3 0.8 0:15 1 httpd

    without explanation the machine goes up in second and load goes more than for 200 and stops the machine, does not obtain to discover what it can be happening, the machine this stopping the 3 or 4 times to the day...

    the versions in use are PHP 5.1.2 mysql 4.1.13, all the machine are brought up to date, firewall apf..

    exactly with php 4.4.2 the problem continues

    I have verified the usuario nobody through the Main System Health Show Current CPU Usage and is acting of normal form

    the statisticians and cpbackup not working in the schedule that gives the problem

    information of my machine

    Dual xeon 3.2
    2Gb
    HD SCSI
    Total Sites = 257



    http://www.isbrasil.info/sys/



    Apache Server Status for plutonio.isbrasil.info

    Main >> Server Status >> Apache Status
    Server Version: Apache 3
    Server Built: Feb 4 2006 18:58:47

    --------------------------------------------------------------------------------
    Current Time: Monday, 06-Feb-2006 19:18:44 BRST
    Restart Time: Monday, 06-Feb-2006 18:04:32 BRST
    Parent Server Generation: 1
    Server uptime: 1 hour 14 minutes 12 seconds
    Total accesses: 213129 - Total Traffic: 1.5 GB
    CPU Usage: u3020.08 s104.07 cu.81 cs.83 - 70.2% CPU load
    47.9 requests/sec - 350.8 kB/second - 7.3 kB/request
    73 requests currently being processed, 84 idle servers
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN

    This issue is very common among users with vulnerable servers. You need to search these forums for information on how to secure your server.
     
  3. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
    Hi,
    Server is protected by APF, BFD, RKhunter, mod_security...and is totally updated with latest versions of softwares.... how I can discover which is this vulnerable user? It has plus some information that I can supply? very tranks!
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Check the number of connections to your server at the time server load is high. Use the following command:
    netstat -alntp

    If you wish to block IPs, you can through APF.

    In addition, check MySQL procesess running on the server at the time the server load is high. Use the following command:
    mysqladmin proc
     
  5. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
  6. fmalekpour

    fmalekpour Well-Known Member
    PartnerNOC

    Joined:
    Dec 4, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Sounds like a DDoS attack on one of your sites. Try mod_evasive (http://www.nuclearelephant.com/projects/mod_evasive/)

    Also it seems you have some sort of trojans on server:

    tcp 0 0 70.86.153.181:46309 61.235.11.144:113

    try "ps auxf" and see if you have any suspicious process.

    - F.Malekpour
     
  7. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
  8. fmalekpour

    fmalekpour Well-Known Member
    PartnerNOC

    Joined:
    Dec 4, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Yes, mod_evasive will help.

    - F.Malekpour
     
  9. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
  10. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
    in less than 10 minutes load went up until the machine to stop, can give plus some information? Please, help me! Tranks


    16:05:44 up 22:02, 1 user, load average: 4.98, 6.49, 9.42
    16:05:49 up 22:02, 1 user, load average: 4.66, 6.40, 9.38
    16:05:54 up 22:02, 1 user, load average: 4.37, 6.31, 9.33
    16:05:59 up 22:02, 1 user, load average: 4.02, 6.20, 9.28
    16:06:04 up 22:02, 1 user, load average: 3.69, 6.10, 9.23
    16:06:09 up 22:02, 1 user, load average: 3.56, 6.03, 9.19
    16:06:14 up 22:02, 1 user, load average: 3.51, 5.98, 9.16
    16:06:19 up 22:02, 1 user, load average: 3.63, 5.97, 9.14
    16:06:24 up 22:02, 1 user, load average: 3.34, 5.87, 9.09
    16:06:29 up 22:03, 1 user, load average: 3.15, 5.79, 9.04
    16:06:34 up 22:03, 1 user, load average: 2.98, 5.71, 9.00
    16:06:39 up 22:03, 1 user, load average: 2.74, 5.61, 8.95
    16:06:44 up 22:03, 1 user, load average: 2.52, 5.52, 8.90
    16:06:50 up 22:03, 1 user, load average: 2.56, 5.48, 8.87
    16:06:55 up 22:03, 1 user, load average: 2.60, 5.43, 8.84
    16:07:00 up 22:03, 1 user, load average: 2.87, 5.44, 8.82
    16:07:05 up 22:03, 1 user, load average: 3.28, 5.49, 8.82
    16:07:10 up 22:03, 1 user, load average: 3.26, 5.44, 8.79
    16:07:15 up 22:03, 1 user, load average: 3.00, 5.35, 8.74
    16:07:20 up 22:03, 1 user, load average: 3.56, 5.43, 8.75
    16:07:25 up 22:03, 1 user, load average: 4.15, 5.52, 8.76
    16:07:30 up 22:04, 1 user, load average: 4.70, 5.61, 8.77
    16:07:35 up 22:04, 1 user, load average: 4.80, 5.62, 8.75
    16:07:41 up 22:04, 1 user, load average: 4.98, 5.64, 8.74
    16:07:46 up 22:04, 1 user, load average: 4.66, 5.56, 8.70
    16:07:51 up 22:04, 1 user, load average: 4.45, 5.51, 8.67
    16:07:56 up 22:04, 1 user, load average: 4.25, 5.45, 8.63
    16:08:01 up 22:04, 1 user, load average: 4.15, 5.41, 8.60
    16:08:06 up 22:04, 1 user, load average: 4.06, 5.37, 8.57
    16:08:11 up 22:04, 1 user, load average: 3.89, 5.31, 8.53
    16:08:16 up 22:04, 1 user, load average: 3.90, 5.29, 8.51
    16:08:21 up 22:04, 1 user, load average: 3.91, 5.27, 8.48
    16:08:26 up 22:04, 1 user, load average: 4.40, 5.34, 8.49
    16:08:31 up 22:05, 1 user, load average: 6.37, 5.74, 8.60
    16:08:36 up 22:05, 1 user, load average: 8.74, 6.27, 8.75
    16:08:43 up 22:05, 1 user, load average: 9.48, 6.46, 8.79
    16:08:48 up 22:05, 1 user, load average: 11.69, 6.97, 8.95
    16:08:53 up 22:05, 1 user, load average: 12.75, 7.27, 9.03
    16:08:58 up 22:05, 1 user, load average: 12.45, 7.30, 9.03
    16:09:03 up 22:05, 1 user, load average: 12.02, 7.29, 9.02
    16:09:08 up 22:05, 1 user, load average: 13.78, 7.74, 9.15
    16:09:13 up 22:05, 1 user, load average: 16.04, 8.31, 9.33
    16:09:20 up 22:05, 1 user, load average: 18.52, 8.95, 9.53
    16:09:29 up 22:06, 1 user, load average: 27.57, 11.20, 10.26
    16:09:36 up 22:06, 1 user, load average: 30.16, 12.01, 10.53
    16:09:44 up 22:06, 1 user, load average: 40.52, 14.84, 11.46
    16:09:49 up 22:06, 1 user, load average: 40.16, 15.19, 11.60
    16:09:57 up 22:06, 1 user, load average: 40.56, 16.11, 11.93
    16:10:02 up 22:06, 1 user, load average: 39.95, 16.39, 12.04
    16:10:07 up 22:06, 1 user, load average: 41.16, 17.03, 12.27
    16:10:14 up 22:06, 1 user, load average: 43.55, 17.92, 12.59
    16:10:23 up 22:06, 1 user, load average: 47.39, 19.56, 13.18
    16:10:31 up 22:07, 1 user, load average: 48.00, 20.15, 13.40
    16:10:37 up 22:07, 1 user, load average: 51.35, 21.75, 13.99
    16:10:45 up 22:07, 1 user, load average: 51.88, 22.35, 14.23
    16:10:55 up 22:07, 1 user, load average: 55.88, 24.18, 14.91
    16:11:00 up 22:07, 1 user, load average: 60.94, 25.76, 15.47
    16:11:05 up 22:07, 1 user, load average: 61.18, 26.39, 15.73
    16:11:11 up 22:07, 1 user, load average: 60.13, 26.75, 15.90
    16:11:16 up 22:07, 1 user, load average: 57.47, 26.75, 15.96
    16:11:21 up 22:07, 1 user, load average: 56.96, 27.16, 16.15
    16:11:26 up 22:07, 1 user, load average: 55.52, 27.35, 16.27
    16:11:31 up 22:08, 1 user, load average: 53.23, 27.35, 16.33
    16:11:37 up 22:08, 1 user, load average: 53.29, 28.21, 16.73
    16:11:42 up 22:08, 1 user, load average: 52.31, 28.42, 16.86
    16:11:48 up 22:08, 1 user, load average: 51.72, 28.69, 17.01
    16:11:55 up 22:08, 1 user, load average: 56.07, 29.98, 17.49
    16:12:00 up 22:08, 1 user, load average: 58.54, 30.92, 17.86
    16:12:18 up 22:08, 1 user, load average: 68.41, 34.97, 19.47
    16:12:35 up 22:09, 1 user, load average: 72.69, 37.59, 20.58
    16:12:40 up 22:09, 1 user, load average: 72.96, 38.23, 20.88
    16:13:25 up 22:09, 1 user, load average: 106.96, 51.14, 26.01
    16:14:05 up 22:10, 1 user, load average: 137.15, 65.75, 31.98
    16:15:07 up 22:11, 1 user, load average: 158.50, 86.24, 41.35
    16:15:30 up 22:12, 1 user, load average: 161.37, 91.57, 44.06
    16:15:57 up 22:12, 1 user, load average: 166.28, 99.39, 48.17
    16:17:06 up 22:13, 1 user, load average: 266.22, 142.00, 66.35
    CPU states: cpu user nice system irq softirq iowait idle
    total 7.5% 0.0% 51.5% 0.0% 0.3% 36.5% 3.9%
    cpu00 12.0% 0.0% 47.0% 0.0% 0.8% 36.6% 3.1%
    cpu01 7.1% 0.0% 49.7% 0.0% 0.0% 30.5% 12.6%
    cpu02 5.7% 0.0% 55.8% 0.1% 0.4% 37.8% 0.0%
    cpu03 5.1% 0.0% 53.4% 0.0% 0.1% 41.1% 0.0%
    Mem: 2075332k av, 2025552k used, 49780k free, 0k shrd, 9940k buff
    1462896k active, 383164k inactive
    Swap: 2040212k av, 1986732k used, 53480k free 27948k cached

    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    3994 nobody 16 0 22580 8068 1300 S 0.5 0.3 0:01 3 httpd
    4039 nobody 17 0 23452 9052 1304 S 0.4 0.4 0:01 0 httpd
    4191 nobody 17 0 23428 8572 1176 S 0.4 0.4 0:01 1 httpd
    4276 mailnull 16 0 7604 3012 2040 S 0.4 0.1 0:01 2 exim
    3991 nobody 16 0 22312 7832 1256 S 0.3 0.3 0:01 0 httpd
    4054 nobody 16 0 22236 7208 1228 S 0.3 0.3 0:01 2 httpd
    4205 nobody 16 0 23464 9096 1264 S 0.3 0.4 0:01 3 httpd
    4218 nobody 16 0 23428 8656 1236 S 0.3 0.4 0:00 3 httpd
    4227 nobody 15 0 23428 8704 1180 S 0.3 0.4 0:00 0 httpd
    4238 nobody 16 0 22236 7660 1212 D 0.3 0.3 0:00 0 httpd
    4244 nobody 15 0 22308 7740 1236 D 0.3 0.3 0:00 0 httpd
    4253 nobody 16 0 22320 7020 1160 S 0.3 0.3 0:00 3 httpd
     
  11. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Since you can't stop these attacks, you'll have to hire a sys admin to look into this problem for you.
     
  12. c0i0t3

    c0i0t3 Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hospedagem de Site
    exists some thing that I can make at this moment? Tranks
     
Loading...

Share This Page