Hi Total CPU for last 2 days at around same time - HELP

D

dicko_md

Basic Pleskian
Hi

Plesk 11.5.30 #37

Last 2 days at about the same time my server has come to a halt. i took a screen capture of htop. The health monitor says high cpu usage at about 93-96% but htop shows memory been eaten up by apache from what I can see.

How can i drill down and see who or what is the culprit ?

Thanks Martyn

serverb_high_cpu_usage.png
 
Sounds like you were under a DOS attack, which caused your server to run out or memory and hang ...

Firstly, do you have any firewall tools installed on your server? I would highly recommend CSF and with it you can KILL the common dos-attacks with the "SYNFLOOD" flag ..
After installation,
Code: 
vim /etc/csf/csf.conf

And change to:
Code: 
SYN_FLOOD = 1
PORTFLOOD = 80
DENY_TEMP_IP_LIMIT  = 200

and reload service with

Code: 
csf -r

Secondly, you can also prevent DDoS attack by using mod_evasive in Apache 2. Mod_evasive is an Apache module that provides evasive maneuvers action in the event of an HTTP DoS or DDoS (Denial of Service) attack or brute force attack

Thirdly, ddos_deflate is another very good connection based IP banning tool to consider ..
 
Investigating a dos-attack at the time it's occurring

Determine connections on Port 80 with

Code: 
netstat -tulpn| grep :80
netstat -lnp | grep ':80'

No. of Active Connections

Code: 
netstat -n | grep :80 |wc -l

List ALL IPs in active connections with the number of connections

Code: 
netstat -apn|grep :80 |awk '{print $5}'|sort

Optimization of Apache

Code: 
vi /etc/httpd/conf/httpd.conf

For the best performance on most websites leave,

Code: 
KeepAlive On
KeepAliveTimeout to 1 or 2 seconds

With that kind of information, you can easily block IPs that are attacking you..
 
Hi

its just started to go down now and we are under 80% for total cpu but memory is still high using 3323 of 3545

Im guessing someone is running a cron or a script early morning unless someone else has a reason unless I was under ddos attack. Do ddos attacks not just happen all the time or are they every so often or regular intevervals ?

Thanks

Martyn
 
It might not be a dos-attack, but could be a very high traffic and a heavy (UN-optimized) wordpress website eating up your RAM.
If it's a cron, htop should show it...

Please look closely at the above recommendations ...
 
You must log in or register to reply here.

Similar threads

T
Issue 100% CPU
Replies
8
Views
3K
Peter Debik
P
E
Issue Abnormal CPU usage and Apache crash
Replies
13
Views
7K
MartinT
M
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
5K
HHawk
HHawk
randypetersen
Question After upgrade PHP-FPM has high cpu usage.
Replies
6
Views
14K
Peter Debik
P
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
9K
Kaspar@Plesk
Kaspar@Plesk
Back
Top