user1 is running some things on the server. I need user2 to be able to kill these processes (just kill, not start up again on the other user or any other extra privileges). How can I do this?
I have a question related to a DDOS attack. My hosting provider told me that my server was DDoS attacked a few days ago. But in those days my server worked fine; only the Apache server was down. The strange fact is that on the same day as this "DDOS attack" one of their admins worked on something in the SSL section of my server, and during this operation the SSL hosts were down and httpd worked slowly.
In the past 3 months httpd worked very slowly and after 2-3 restarts of the httpd service the load dropped down below 3.00. I believe their httpd service already had problems and that the SSL configuration caused that Apache failure on that day with the "ddos attack".
I repeat: on that day ONLY SSL hosts worked fine and non-SSL hosts were down.
Is it possible during a DDOS attack for the load to be under 0.5, SSL hosts to work fine, and FTP, mail and other stuff to work like there is nobody on the server (VERY FAST)?
My server has been crashing quite a lot lately. It does have some high traffic sites on there but it has never really been this bad before. Today I noticed these in cpanel. What are they, and is there any way I can control them?
I am facing a slight problem with one of my VPSes. It had happened earlier also but had got resolved automatically.
Please see this screenshot: [url]
I know that the server load is not that great to cause this much SWAP usage. I think this is because of the processes not getting killed.
UPDATE: here is the screenshot of my other server with the same provider, which is not really overloaded but I think is facing the same problem of processes not getting killed [url]
In learning that some hosts seem to be tightening shared hosting specs, I'm wondering what a 'simultaneous process' is... as from this clip: 'number of simultaneous processes should not exceed 5'.
Is each part - for example, graphics and includes - of an individual webpage a 'process'?
I have a server that has server load showing at 25-40 (once it was even 53!), running like that for hours. The server has 4 cpus - and yet the sites on the server seem to run fine when I check them. What I'm wondering is, what exactly is load in this context; and how can load run so high like that without the server crashing?
According to top, the load is caused by httpd processes running under user 'nobody', that often take up double digit CPU percentage.
Does Apache always run under 'nobody'?
Is there any way to trace an httpd process - which account it's for, or which physical script or URL is calling it?
And for top itself, the TIME field on one server of mine is in the format xx:xx (e.g. 3:25), on another it's TIME+ and in the format xx:xx.xx (e.g. 30:02.77). What exactly does this mean? I would assume it's minutes:seconds and minutes:seconds:hundredths, but while watching top it doesn't seem to correlate with that.
Each one takes up like 4% of the available ram - and when the ram is gone, the server dies (it doesn't have a swap file - half the time you can't even log in to it), and you have to reboot Apache.
I thought of limiting maxchilds, but would that break something else?
Should I just make a swap file? Will that defeat the point of creating child processes?
I update the sources.list on server 1 to mirrors of the new debian 4 etc. I run apt-get update and apt-get dist-upgrade. A whole bunch of things get updated (it was a long time ago that I did this anyway). After some troubles with /boot/grub/menu.lst the server boots ok, and everything is well. This server used to have loads of 15-25 at peak times, but after the update it's running very smoothly with loads of 2-3 at the same peak times. I don't know why exactly, as I noticed updates in OS, kernel version (from 2.6.8x to 2.6.18), apache2, php (4.4.4-8+etch1), and I also needed to update eaccelerator from 0.94 to 0.95.
A few days later I update server 2. Everything seems to go the same, although the kernel version stays at 2.6.8-3-686. I don't think the kernel version at the start was exactly the same as on server 1. But the new php version is the same as server 1, and everything else looks the same too.
But when peak times are coming up, this server starts to have troubles. It is quickly rising to a total of 200-300 processes, while server 1 always stays stable at 60-70.
Server 2 also reacts slowly if I click somewhere on the site. It takes 5-10 seconds to show a new page. However the load stays pretty low at 1-2. I see no big cpu usage and also no big memory usage. I have the impression that this server 2 is somehow wasting a lot of apache processes and is making things hard for itself without a real reason.
When I check the separate mysql database server, I also notice a lot of processes.
Around 200-250 whereas it used to be 40-60. Sometimes this adds up so hard that all webservers are blocked because mysql has too many processes. When I check the mysql connections, I see a few dozen things like 'unauthen ip:port Connect login' just hanging. All of them have the ip of webserver 2. Those extra apache processes are somehow hanging on to the mysql server without really doing something.
I don't know what is happening, but this server is underperforming very badly now. I managed to limit the problem by drastically lowering ServerLimit and MaxClients on webserver 2, but this is no real solution. The server is still slow, at least now it's not bringing down the others.
My question: what should I check for now? I noticed a different structure in the conf files in debian etch, maybe something new has a bad influence on my old conf files? Is there something wrong with the combination of kernel+php version? I have no idea, please point me in the right direction so I can learn from this.
a topic long time ago that my server load is frequently high.
I'm talking about something like this Server Load 158.86 Memory Used 28.2 % Swap Used 99.57 %
[url]
The only way to solve this problem is to identify the load earlier and kill all httpd processes. What I did was
# killall -9 httpd
# killall -9 httpd
# killall -9 httpd
x 30~40 times until no pid process found & the server load is back to normal.
On previous thread, I tried to update mysql & php and it works,
Right now again I am experiencing high server load again...
I'm very sure it's caused by httpd but I am still unable to find out the real cause of the problem and which account user is the culprit for causing this high load.
Can someone assist me by telling me where/how to begin with?
I'm not sure I understand the server-status page enough to know if this is a problem or not, but I have several processes that seem to run forever, or until I restart Apache. e.g.
Code:
13-1 21045 0/697/4264 W 59.45 19641 0 0.0 43.28 274.97 66.249.66.133 www.example.com GET /wp/2005/01/ HTTP/1.1
19-1 408 1/834/1831 C 83.52 32463 0 14.8 149.66 263.48 66.249.66.133 www.example.com GET /wp/ HTTP/1.1
30-1 14416 0/430/431 W 35.19 13347 0 0.0 37.42 37.44 66.249.66.133 www.example.com GET /wp/category/issues/ HTTP/1.1
They are almost always on a single domain (there's about 100 on the server) that's a Wordpress site. These processes are also almost always a search engine.
On the rare case I see them running on other domains on the same server they're always on Wordpress sites.
The longer the processes run, the more processor/memory they use, the more they slow the server down.
It seems to have just started in the past few weeks, I've had the site there for a couple years.
Our server is running Plesk 11.0.9 and CentOS 5.7; it has a Q8200 CPU @ 2.33GHz and 2GB of RAM. Now there are just two websites on the server plus a couple of redirects/forwarding domains, although lots of domains are still on the server but turned off in Plesk. Both websites are OSCommerce sites and I just need to keep these sites going until the end of the year when we will switch to our new Joomla based website.
We have seen an increasing number of server crashes and after various checks of the logs, fitting a new BIOS battery, check of the hardware by EasySpace who host the server, installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software), I have traced it down to some external Http activity that is taking all of my CPU time and RAM. Here is a screen capture of the Htop listing and when I killed these processes the CPU and RAM went back to normal. The problem is that I usually have to restart the HTTPD service and sometimes things get so bad that the server crashes and I have to request a power cycle.
This morning apache stopped serving pages. I have tried to restart it with no success:
-------
init.d/httpd restart
----------
init.d/httpd stop
killall httpd
init.d/httpd start
------
killall httpd
init.d/httpd restart
---------
and such, several times; every time it failed with the "address already in use" message.
It was 4 o'clock in the morning so I stopped investigating and restarted the machine.
Is there a way to really shut down such a completely non-responsive process without restarting the machine?
Just a note - there was not a heavy server load at the time.
------------------
Server Version: Apache/2.2.6 (Mandriva Linux/PREFORK-8.2mdv2008.0) mod_ssl/2.2.6 OpenSSL/0.9.8e PHP/5.2.4 with Suhosin-Patch Server Built: Sep 12 2008 14:54:18
Code:
ssh -fNg -L 8888:127.0.0.1:3306 user@123.456.789.0
How can I sort of "undo" that? I ask because I need to re-tunnel in to a different IP address but right now the only way I can figure to do it is to restart my computer (which is lame).
One of my sites, hosts mp3s for music I've written for video games etc.
I uploaded a track in December, and this month my bandwidth has rocketed from 18g to 25g.
When I look at the awstats I see this...
a.a.a.a    1181  1181  146.82 MB  26 Jan 2007 - 17:47
a.a.a.a+1  1161  1161  98.40 MB   26 Jan 2007 - 17:49
b.b.b.b    1151  1151  19.61 KB   26 Jan 2007 - 08:00
c.c.c.c    620   620   23.71 MB   26 Jan 2007 - 15:18
d.d.d.d    543   543   0          25 Jan 2007 - 20:52
e.e.e.e    537   537   0          25 Jan 2007 - 20:18
f.f.f.f    310   310   4.18 MB    26 Jan 2007 - 17:00
Now I'm not sure about the MB values, they don't look true at all, but why suddenly would the two top places have the same IP address bar a value of 1
If I scroll down to file usage, I see
/blah/blah/blah.mp3 7533 305.76 KB 5268 5276 - so it's been viewed 7533 times
and the next most popular page or file is, / 1009 9.69 KB 830 412
Then looking at the search engine stats the most popular search engine phrase is this [url][summer dance] 450 41.2 %
450 times? and yes, - np2sp6qjpj2jkzevo5mcl2fjmw$$.mp3 [summer dance] - this is the filename coming up even though it doesn't exist on the server
It's twice as popular as "game sounds" which is the site, and is on google... something fishy going on here.
The most popular site to come from is [url] times in fact, and that's a Japanese/Chinese/Eastern site which I don't understand.
The IP address appears to be Chinese too.
Can anyone explain to me what might be going on here please? It appears that someone is continuously downloading this specific file, just to use up my bandwidth?
Just got alerted that my server is being used to send spam. Here is the information the datacenter gave me:
[information .....]
NOTE: I changed the real domain name and IP only.
Is there an expert who can help me decipher this? How do I find the culprit? My provider is threatening to shut me down and sink all my clients with the ship!
I am running the latest WHM and cpanel server, fyi.
Our website is based around a customer based chat system. Customers are only on the system during a particular day and time range. So for parts of the week the server gets almost no traffic. When the time for a chat comes up we get hundreds of people on the site all doing page requests every few seconds.
So as you might imagine we are bringing the server to its knees with heavy CPU and memory loads. Plus bandwidth usage is really high. We are currently on the biggest box that Rackspace has to offer. The site runs ok on it during these times. It's a little slow but not unbearable.
But we have not hit our max customer base. In fact if all goes well we will double our customer base next month. So I know when we do we will bring that box down totally.
I was thinking about possibly trying a cloud/cluster based approach but after some research on this site I have found that is probably not the best option.
So I am looking for advice on what to do? Is there a better host? Different technology?
Servers are not my thing really so I could really use some help.
No we can't change the way customers access the site or when they access. There is nothing that can be done in that regard so don't suggest it.
I have seen posts that some hosts suspend a user after so many seconds of high server resource usage... I was wondering how this is done so that I can do this on my dedicated server.