Results 1 to 6 of 6
  1. #1
    Join Date
    Oct 2002
    Location
    Sydney Australia
    Posts
    49

    High Server Load

    Hi Guys

    For the past few days have been having unusualy high server load causing most services to die and the server needing a reboot. Here is an output from top. What do you think it could be? The server has 2gb ram.

    20:17:22 up 11:42, 1 user, load average: 18.89, 14.35, 10.68
    260 processes: 257 sleeping, 1 running, 2 zombie, 0 stopped
    CPU states: cpu user nice system irq softirq iowait idle
    total 0.3% 0.0% 39.6% 0.1% 0.0% 52.4% 7.3%
    cpu00 0.4% 0.0% 54.1% 0.7% 0.0% 43.3% 1.3%
    cpu01 0.3% 0.0% 32.5% 0.0% 0.0% 53.7% 13.3%
    cpu02 0.1% 0.0% 27.7% 0.0% 0.0% 63.0% 9.1%
    cpu03 0.3% 0.0% 44.4% 0.0% 0.0% 49.6% 5.6%
    Mem: 2054928k av, 2037024k used, 17904k free, 0k shrd, 1712k buff
    1956532k actv, 30060k in_d, 276k in_c
    Swap: 2040212k av, 2040212k used, 0k free 19868k cached

    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    11 root 25 0 0 0 0 DW 17.2 0.0 38:52 0 kswapd
    12 root 17 0 0 0 0 SW 10.8 0.0 45:01 3 kscand
    31777 mysql 15 0 36736 35M 768 D 1.2 1.7 0:09 1 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    31511 nobody 15 0 12368 8572 704 D 0.8 0.4 0:04 3 /usr/local/apache/bin/httpd -DSSL
    32072 auspcwor 15 0 20968 4536 652 D 0.7 0.2 0:01 0 spamd child
    32073 auspcwor 15 0 20968 4540 652 D 0.7 0.2 0:01 2 spamd child
    2121 root 16 0 0 0 0 SW 0.6 0.0 1:28 3 kjournald
    31484 mysql 15 0 36736 35M 768 D 0.6 1.7 0:07 1 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    32160 root 34 19 752 752 596 D N 0.6 0.0 0:00 0 /usr/bin/perl /usr/local/cpanel/bin/eximstatspass
    2765 root 15 0 584 520 276 S 0.5 0.0 1:01 1 antirelayd
    31473 mysql 15 0 36736 35M 768 S 0.5 1.7 0:00 0 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    31506 nobody 15 0 13292 9416 612 D 0.5 0.4 0:08 3 /usr/local/apache/bin/httpd -DSSL
    31521 mysql 15 0 36736 35M 768 D 0.5 1.7 0:06 1 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    32086 cpanel 15 0 8676 4548 1236 D 0.5 0.2 0:00 3 cpaneld - serving 138.130.169.17
    32090 cpanel 15 0 5312 5312 1380 D 0.4 0.2 0:03 0 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde/i
    32158 root 15 0 8660 4260 1252 D 0.4 0.2 0:00 2 cpaneld - serving
    31580 root 15 0 996 904 564 D 0.3 0.0 0:01 3 sshd: root@pts/0
    32159 root 15 0 8660 4260 1252 D 0.3 0.2 0:00 1 cpaneld - serving 138.130.169.17
    31476 mysql 15 0 36736 35M 768 S 0.2 1.7 0:00 1 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    32151 mysql 15 0 36744 35M 776 D 0.2 1.7 0:00 2 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    2628 named 15 0 2332 1296 696 D 0.1 0.0 0:15 1 /usr/sbin/named -u named
    2631 named 15 0 2332 1296 696 D 0.1 0.0 0:16 0 /usr/sbin/named -u named
    2816 root 15 0 20784 3032 544 D 0.1 0.1 1:41 1 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spam
    31477 mysql 15 0 36736 35M 768 S 0.1 1.7 0:00 3 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    31788 mysql 15 0 36736 35M 768 S 0.1 1.7 0:02 3 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    32144 mysql 15 0 36744 35M 776 D 0.1 1.7 0:00 2 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysq
    32147 nobody 15 0 4768 1756 632 D 0.1 0.0 0:00 3 /usr/local/apache/bin/httpd -DSSL
    1 root 15 0 488 460 428 S 0.0 0.0 0:14 1 init
    2 root RT 0 0 0 0 SW 0.0 0.0 0:00 0 migration/0
    3 root RT 0 0 0 0 SW 0.0 0.0 0:00 1 migration/1
    4 root RT 0 0 0 0 SW 0.0 0.0 0:00 2 migration/2
    5 root RT 0 0 0 0 SW 0.0 0.0 0:00 3 migration/3
    6 root 15 0 0 0 0 SW 0.0 0.0 0:02 2 keventd
    7 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd/0

  2. #2
    Hi ,

    You need to check into your WHM ( IF YOU HAVE ) the section :

    SERVER STATUS - Cpu / Memory / Mysql Usage

    The first account have the top of usage resources of cpu and memory , is this account is taken so much resources , you need to enter in ssh and see:

    pico -w /usr/local/apache/logs/domain.com

    See the las lines , if one ip appear constantly it is maby that ip is making a ddos atacks , is you see a lot of ips , but not one is repeat the account is having so much of conections , so you need to block it

    For block a ip :

    /etc/apf/apf -d ip.ip.ip.ip

    See you !

  3. #3
    I doubt it's a DDOS attack otherwise he couldn't get those statistics, unless they were emailed to him, and if they were I highly doubt they are up-to-date.

    Anyway, if you can't ping your server a few times without problems, then it may be a DDOS attack.

    But if you can, find out the process using the most CPU Power.

  4. #4
    Hi,

    First provide the details like what is the server configuration...... what are all the third party software that you use(if WHM then you will have fantastico based free tools)... does your system uses mysql a lot?.... Have you optimized all your services.... have you upgraded the free tools available in Fantastico.....
    liwiplus Team,
    http://www.liwiplus.com
    The Support Sages

  5. #5
    Quote Originally Posted by joshcrick
    I doubt it's a DDOS attack otherwise he couldn't get those statistics, unless they were emailed to him, and if they were I highly doubt they are up-to-date.

    Anyway, if you can't ping your server a few times without problems, then it may be a DDOS attack.

    But if you can, find out the process using the most CPU Power.
    what do you mean?
    can you tell me more about it?
    how can i know i have DDOS attack on the server?
    & how can i solve this if there is DDOS attack?


    Thanks

  6. #6
    Quote Originally Posted by AnaHost
    what do you mean?
    can you tell me more about it?
    how can i know i have DDOS attack on the server?
    & how can i solve this if there is DDOS attack?


    Thanks
    A ddos atacks take a lot of conections on your server, this cause that the new conections cannot be procesed and your website dont work , if you cannot view a website , but when you make a ping yourdomain.com it is respond the mos probably is that your server it is atacked....


    "0 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde/i "

    I see that you have cpanel so if you have root access to the server think in my first post.

    See you...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •