    Problem with VPS, please Help!

    I'm currently running a VPS and it runs just fine when it's up, but at random times the CPU load will go to 40000% out of nowhere, which will take down the VPS.

    It does this a couple of times a day and creates hours of downtime.

    We ran the "netstat -n | grep :80 |wc -l'ing" command and got 49 and 56 at another time.

    Additionally, we ran the rootkit but found nothing either.

    We believe it is a script or person that is causing this but don't know how to track it down since the logs don't show anything. Please help.


    May 2003
    Did you get your problem resolved? Here are a couple items to check. There are many more, but this can get you started.

    [ ] Is it a cPanel server? If so, check WHM --> Server Status --> Apache status to see which site is getting a lot of hits.

    [ ] Check for DOS attack:
    netstat -pan|grep SYN

    [ ] Check how many connections to port 80:
    netstat -n | grep :80 |wc -l

    [ ] See how many connections from each IP:
    netstat -an | grep :80 | awk '{print $5}' | cut -f1 -d":" | sort | uniq -c | sort -n

    [ ] Check if anyone is overloading MySQL:
    mysqladmin pr | awk -F\| {'print $3'} | sort -nk1 | awk -F_ {'print $1'} |uniq -c |sort

    [ ] Check /tmp folder - ignoring the session files
    ls -al /tmp|grep -v sess

    [ ] Check running processes
    ps aux|grep ^nobody
    ps aux|grep sh

    [ ] Show running processes to figure out when a program started
    ps -aux
    nobody 17859 2.2 0.2 8076 2452 ? S Jan13 91:42 /usr/sbin/apache/logins
    - Note the time that the file was run and how long. Notice in my example it shows: Jan13 91:42. That's 91 minutes and 42 seconds ago from the time you ran top.
    You can use that time to start digging through /usr/local/apache/domlogs

    [ ] Check your mail logs to see if somebody is sending out a large quantity of emails.

    Good luck.
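
An added example, not part of the reply above: a stricter version of the checklist's per-IP connection count. It counts only connections whose local port is the web port (so :8080 and outbound connections to a remote :80 are excluded), splits the count by TCP state so a pile of SYN_RECV entries stands out, and handles IPv4-mapped IPv6 addresses, which the `cut -f1 -d":"` step turns into empty strings. It assumes Linux `netstat -an` column layout; the function names and the sample input (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output; not taken from a real server.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40001       ESTABLISHED
tcp        0      0 192.0.2.10:44000        203.0.113.20:80         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40002 TIME_WAIT
EOF
}

# conns_per_ip PORT
# Reads netstat output on stdin and prints "count remote_ip state",
# highest count first, for connections to the given local port.
conns_per_ip() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      laddr = $4; raddr = $5
      lport = laddr
      sub(/.*:/, "", lport)          # local port = text after the last colon
      if (lport != port) next        # skip :8080 and outbound connections
      sub(/:[^:]*$/, "", raddr)      # drop the remote port
      sub(/^::ffff:/, "", raddr)     # fold IPv4-mapped IPv6 into plain IPv4
      n[raddr " " $6]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2
}

# Live use would be: netstat -an | conns_per_ip 80
sample_netstat | conns_per_ip 80
```

On a live server, feed it `netstat -an` instead of the sample and compare the counts against the timestamps of the load spikes.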

