Results 1 to 8 of 8
  1. #1

    High Server Load and top

    My server went down when i was in "top". Following is the last screen i got in SSH.

    15:43:17 up 30 min, 2 users, load average: 41.15, 33.35, 22.17
    90 processes: 88 sleeping, 2 running, 0 zombie, 0 stopped
    CPU states: cpu user nice system irq softirq iowait idle
    total 6.1% 0.0% 0.9% 15.1% 23.8% 1.1% 52.6%
    Mem: 505396k av, 293632k used, 211764k free, 0k shrd, 55820k buff
    230328k active, 16844k inactive
    Swap: 1052248k av, 0k used, 1052248k free 121824k cached

    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    6759 mailnull 15 0 3748 3748 2576 S 3.7 0.7 0:00 0 exim
    2878 named 15 0 5260 5260 2152 S 0.1 1.0 0:02 0 named
    6421 root 16 0 1116 1116 884 R 0.1 0.2 0:01 0 top
    6467 nobody 15 0 11592 11M 2336 S 0.1 2.2 0:00 0 httpd
    1 root 15 0 488 488 432 S 0.0 0.0 0:03 0 init
    2 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 keventd
    3 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kapmd
    4 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd/0
    7 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 bdflush
    5 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kswapd
    6 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kscand
    8 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kupdated
    9 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 mdrecoveryd
    13 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    68 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 khubd
    1265 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    1582 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 eth0
    1822 root 15 0 568 568 488 S 0.0 0.1 0:00 0 syslogd
    1826 root 15 0 452 452 392 S 0.0 0.0 0:00 0 klogd
    1864 root 15 0 404 404 344 S 0.0 0.0 0:00 0 mdadm
    1877 root 15 0 12152 11M 1376 S 0.0 2.4 0:00 0 mdmpd
    1878 root 25 0 12152 11M 1376 S 0.0 2.4 0:00 0 mdmpd
    1981 root 15 0 1876 1876 1384 S 0.0 0.3 0:00 0 cupsd
    2003 root 15 0 1520 1520 1276 S 0.0 0.3 0:00 0 sshd
    2017 root 15 0 908 908 780 S 0.0 0.1 0:00 0 xinetd
    It seems almost all processes are normal.

    Can anyone tell me why the server load is at 40 ?

    Regards,

    Yujin

  2. #2
    similiar problem that i've experienced. cat /proc/version

    if your kernel version is 2.6.9-22 this is a bad kernel, either switch it back to 2.6.9-11 or have the kernel updated.
    GameWarrior.net - Bringing Gaming To The Next Level
    GamingMonkeys.com - Come Play Fun Flash Games !

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    DO NOT DOWNGRADE. The prior kernel is vulnerable.

    The set_mempolicy system call did not check for negative numbers in the
    policy field. An unprivileged local user could use this flaw to cause a
    denial of service (system panic). (CVE-2005-3053)

    A flaw in ioremap handling on AMD 64 and Intel EM64T systems. An
    unprivileged local user could use this flaw to cause a denial of service or
    minor information leak. (CVE-2005-3108)

    A race condition in the ebtables netfilter module. On a SMP system that is
    operating under a heavy load this flaw may allow remote attackers to cause
    a denial of service (crash). (CVE-2005-3110)

    A memory leak was found in key handling. An unprivileged local user could
    use this flaw to cause a denial of service. (CVE-2005-3119)

    A flaw in the Orinoco wireless driver. On systems running the vulnerable
    drive, a remote attacker could send carefully crafted packets which would
    divulge the contents of uninitialized kernel memory. (CVE-2005-3180)

    A memory leak was found in the audit system. An unprivileged local user
    could use this flaw to cause a denial of service. (CVE-2005-3181)
    Just some of what is vulnerable.

    Any server admin that downgrades to fix a issue is irresponsible. There are other ways to fix the issue in question.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    My server use kernel - 2.4.21-9.0.1.EL

    Linux version 2.4.21-9.0.1.EL ([email protected]) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-26)) #1 Mon Feb 9 22:44:14 EST 2004
    It seems old, can any one tell me how to upgrade kernel ?

    Regards,

    Yujin

  5. #5
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by flashwebhost
    My server use kernel - 2.4.21-9.0.1.EL



    It seems old, can any one tell me how to upgrade kernel ?

    Regards,

    Yujin
    I suggest hiring someone to do that for you...
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    redhat enterprise:

    up2date -f kernel

    Centos:

    yum install kernel

    fix bootloader to boot as default

    and reboot..


    However go to top again and do this

    shift + m

    whats the first 10 top listings?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  7. #7
    Thanks Steven for the info. The problem was solve, as per ThePlanet, it was

    we monitored a large rate (~87.5 Kpps) of incoming malicious traffic directed to your server's IP address of xx.xx.xx.xx.

    We have enabled network-level flood protection to protect your server. Protection will be enabled until further notice.

    Please update this ticket if you are experiencing any connection problems.

    I tried up2date, but getting following error.

    # up2date -f kernel
    This system may not be updated until it is associated with a channel.
    #

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Contact theplanet and have them setup your server for their rhn server.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •