The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

server overload in many places

Discussion in 'General Discussion' started by I Love Jesus, Dec 14, 2004.

  1. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Please see two images attached. What's with spamassassin using all this overload?

    This is a Dual Xeon 2.4GHz HT server (HP rackmount server) with 2GB ECC Buffered RAM.

    It should handle this.
     

    Attached Files:

  2. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Looks ok to me. Seems gzip is using a bit of resources.. whats it looking like in top when the load spikes ? What OS? What kernel ? Does your OS have full support for the hardware in which it runs ? Have you tried tweaking config files ?
     
  3. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    I'm using Fedora Core 2. About kernel, how do I check what version I have? I never knew the command (newbie).

    Also, to be honest never checked about hardware compatibility. Does their site actually mention this? Reason is because I lease it from the data center anyway, so its not my property :)

    What type of config tweaking do you recommend? Please remember I'm slightly new with this so help me out if you may. Thanks.
     
  4. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    What's with the awstats overload, gzip and the httpd -DSL?

    How do I control these?

    Also, is it possible to remove awstats per domain? I could not find that.
     
  5. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    I ran top and got this just now:

    11459 root 16 0 122m 115m 1388 R 83.9 5.7 12:03.15 /usr/sbin/grpck
    22533 mysql 23 0 56752 41m 3756 R 25.2 2.0 0:00.77 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server.domain.com.pid --skip
    11458 root 15 0 2380 1216 2200 R 19.7 0.1 4:48.50 /usr/bin/expect -- /scripts/grpck
    21203 body 39 19 9512 8056 2816 R 15.4 0.4 0:00.69 /usr/bin/perl /usr/local/cpanel/3rdparty/bin/awstats.pl -config=prmpresponse.domain.com -update
    20979 nobody 15 0 27064 14m 16m S 7.2 0.7 0:01.11 /usr/local/apache/bin/httpd -DSSL
    13268 nobody 15 0 27260 14m 16m S 6.9 0.7 0:04.93 /usr/local/apache/bin/httpd -DSSL
    1520 root 15 0 2984 568 1300 D 3.9 0.0 10:25.31 syslogd -m 0
    22512 mailnull 15 0 8224 3644 6284 S 2.3 0.2 0:00.07 /usr/sbin/exim -bd -q15m
    22179 root 17 0 3200 1032 1624 R 2.0 0.0 0:00.98 top
    22480 mailnull 15 0 8224 3652 6284 S 2.0 0.2 0:00.20 /usr/sbin/exim -bd -q15m
    6 root RT 0 0 0 0 S 1.6 0.0 164:50
     
  6. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    There is a new cpanel addon module ( have a look under the cpanel heading in whm ) to control stats programs.

    You might also find that changing the number of times stats run ( via tweak settings in WHM ) per day ( as in increase it ) will result in a higher load. That is because, of course, the smaller the log file that is parsed, the less load is put on the server.
     
  7. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Yes, I changed that already before to run only at 00:00 1 time per day, each day.

    What about gzip?
     
  8. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Running the logs for 1 hour per day.. bad.

    Running gzip ( cpanel backup most likely ) on a server that you have no idea how to tweak .. worse.

    If you can't figure out how to work your machine.. find someone who can. You might find it best to switch to incremental backups for the time being, which does not use gzip.
     
  9. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    someone is spamming!

    Please help me here...now status shows these in red

    Code:
    User Domain %CPU %MEM Mysql Processes 
    root  93.41 29.11 2.0 
    Top Process %CPU 84.3 /usr/sbin/grpck 
    Top Process %CPU 84.2 /usr/sbin/grpck 
    Top Process %CPU 84.1 /usr/sbin/grpck 
    mysql  42.00 22.34 0.0 
    Top Process %CPU 99.9 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/server.domain.com.pid --skip-locking --port3306 
    Top Process %CPU 97.0 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/server.domain.com.pid --skip-locking --port3306 
    
    Something is causing the process to load high.
    I believe someone is also attempting to spam from my server.
    Yesterday the load was about 17k in queue, deleted them all,
    and then this mornign about 7k in qeueue, deleted them all. I checked now again
    and about 1500 in queue. How do I track this down?

    I ran chkrootkit and rkhunter, both fine.
     
  10. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hmm.. seems like spamming to me too. mayb someone is using the php function to spam. you can disable mailing via php at the WHM. and then u can monitor to see if the mail queue is increasing.

    the grpck is one used to confirm the group in the userdatabase.. so that means mysql is being used heavily.

    http://publib.boulder.ibm.com/infoc...opic=/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm

    you can reduce the number of mysql connections at the /etc/my.cnf and try to see if that helps.

    my guess is that someone is using a php/mysql software to spam ur server. the guy is well inside the server and it is better that u kick him out asap.
     
  11. I Love Jesus

    I Love Jesus AKA chadi

    Joined:
    Dec 6, 2004
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Are you referring to checking "prevent user nobody from sending..." in tweak settings?

    Also, how can I track this person? I know someone is definitely spamming from my server. I just can't seem to track them down.
     
  12. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    So you ignored the problem 3 times and just hoped it would go away, instead of fixing the underlying problem?

    Search these forums for 'extended exim logging', the oldest thread that comes up will tell you how to enable more extensive exim logging that will show you the location of the scripts on your server that are sending out mail, among many other details.


    You should really hire someone who is very knowledgable about server management and security.
     
Loading...

Share This Page