Sporadic High Load - WHM 11.32.5 (build 13) CLOUDLINUX 6.3 x86_64 xenpv

Skyla

Member
Apr 12, 2012
6
0
51
cPanel Access Level
Root Administrator
Hello,

We have a ("Cloud") VM server which for the most part works fantastic, most of the time there is no issues. Although at some points (sometimes can be weeks in between, sometimes a couple times in a week) I get extreme high load and on a few occurrence the entire server was inaccessible.

I can seem to put my hand on what the cause is, my guess is either brute force/DDOS attacks on some of the hosted websites or on the actual server.

I was under the impression CloudLinux was specialized to avoid exactly this?

I had the server initially configured by cPanel Service Package + MailScanner and then went through securing php as best as I could. Through the CSF server check I score extremely high (129/231), with the few points being non-issues as far as I know.

Plugings are:

CageFS
ConfigServer Explorer
ConfigServer Mail Manage
ConfigServer Mail Queues
ConfigServer MailScanner FE
ConfigServer ModSec Control
ConfigServer eXploit Scanner
ConfigServer Security&Firewall
Google Apps Wizard
Mod Security
Munin Service Monitor
Softaculous - Instant Installs

I can provide any log or specs you may require to help me out, anything would be greatly appreciate. My goal is to see if I can hopefully eliminate the high loads altogether or else know what to do during those times to optimize the situation.

Server Specs:
6 GB RAM
6 CPU Cores – 3.6 Ghz

Average load throughout the day jumps from 0.15 to 0.50 ... On high load goes from 5.00 to 15.00 and sometime 45.00+ (Around this point the server is so hard to work with I can barely get those stats)..

Which logs would be most helpful to post? This is the email alert I get:

Time: Mon Oct 29 10:50:58 2012 -0400
1 Min Load Avg: 11.79
5 Min Load Avg: 6.16
15 Min Load Avg: 3.65
Running/Total Processes: 5/293

Attached: ps.txt
Attached: vmstat.txt
Attached: apachestatus.html
 

Infopro

Well-Known Member
May 20, 2003
17,076
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
This area in WHM might be semi useful to you:
Home » Server Status » Daily Process Log

At top of that page, you can click back and forward thru recent days. At bottom of page in the Top Processes area you might be able to get some clues here as to what's going on.

Certainly worth a peek I think.