I have a cpanel, centos server that had to be rebooted due to the high load spike. I was unable to ssh in nor enter whm prior to the reboot so my only option was of course to reboot the server.
Now, I'm trying to trace the cause of the spike. RTG graphs show no indication of a ddos attack.
Inside whm, CPU/Memory/MySQL Usage shows no reds nor yellow warnings either except red for gzip (backup process) at 19% CPU. I doubt this is the cause.
This is from /var/log/messages of the logs slightly before and after the reboot.
Code:
Apr 9 13:31:49 server pure-ftpd: (?@70.250.201.162) [INFO] Logout.
Apr 9 13:32:05 server pure-ftpd: (?@xxx.xxx.85.3) [INFO] New connection from xxx.xxx.85.3
Apr 9 13:32:28 server pure-ftpd: (?@xxx.xxx.85.3) [INFO] New connection from xxx.xxx.85.3 .......
What is the most effective, surest way to trace server load (centos / cpanel, shared hosting environment)? I'm aware of top and top -c but I'm looking at it and nothing shows high usage, yet whm server status shows about 12-20% cpu (dual xeon box, 4gb memory). Disk usage is 32% (10k scsi, 300GB) I've attached 4 samples of top -c
I have a server that has server load showing at 25-40 (once it was even 53!), running like that for hours. The server has 4 cpus - and yet the sites on the server seem to run fine when I check them. What I'm wondering is, what exactly is load in this context; and how can load run so high like that without the server crashing?
According to top, the load is caused by httpd processes running under user 'nobody', that often take up double digit CPU percentage.
Does Apache always run under 'nobody'?
Is there any way to trace an httpd processes - which account it's for, or which physical script or URL is calling it?
And for top itself, the TIME field on one server of mine is in the format xx:xx (e.g. 3:25), on another it's TIME+ and in the format xx:xx.xx (e.g. 30:02.77). What exactly does this mean? I would asume it's minutes:seconds and minutes:seconds:hundredths, but while watching top it doesn't seem to correlate with that.
I have a shared server (root access) using Cpanel / Centos with suphp enabled.
Twice this week the sever's load skyrocketed and was unable to login to trace teh cause, had to reboot instead.
After reboot, I went to whm > CPU/Memory/MySQL Usage and saw nothing in red aside netstat (21% cpu). I'm not sure if this is the cause, but how can I trace the absolute user or script causing this spike?
I just moved my site from other VPS hosting into Liquid Web for around 2weeks now. I choose the VPS1 package with WHT promotion..
First impression, I do really satisfied with the VPS performance (server load average bellow 1), also the support team. All of my eMail was replied pretty fast in under 15minutes.
But, I do have one problem. Please note that I'm not complaining here.. I just want to ask other user of LW or maybe other hosting.
Almost everyday (well, I think it is).. I got a load spike on my VPS. It's always around midnight (GMT -5). Based on LW staff have informed me, it's because of the main node full backup process, which is can't be altered. The load spike make my site sometimes temporary can't be accessed, because the server load might become above 5, and the highest one is around 28.
Do WHT user has any similar issue like me? Any solution or suggestion I can take to minimize the effect of the backup process?
I have an dedicated server 2 x Xeon CPU 3.20GHz (2GB RAM), now 30 minutes ago my admin tryed to make a benchmark test on it and after a period the server was not responding ( SSH or http.. ftp ) we asked DN to reboot the server. After the reboot in Service Status page (WHM) there ware many services down and the load was ~ 45.00 (4 cpus) .. after aprox. 5 - 10 minutes the load has droped:
Server Load 2.61 (4 cpus)
is it normal to have such a higher load 45.00 (4 cpus) after an reboot ? The memory used was 32%.
I see that there are some connections from my server to some remote mySQL server, and I am curios to know which script is running them. (192.168.30.98:40493 207.45.xxx.xx:3306 5339/httpd)
I try through lsof but it is not that it points directly to the website running this connection.
I have a customer that uses mailman to send out newsletters. For some reason he has a few users on that list at AOL that feel they need to report them as spam instead of simply unsubscribing or deleting. I'm on the AOL feedback loop, and receive these complaints each time he sends.
AOL removes (redacts) all traces that might make it possible to simply remove the complainer, instead making me have to go in and trace the mail. Ok, privacy and all that. Fine. Unfortunately, since he has a few hundred AOL addresses on that list, it's nearly impossible (AFAIK) to figure out who it is so I can remove that user (or three).
I've searched through the mail logs using the message ID and timestamp, as well as grepping for AOL in the results. This has narrowed it down to about 120 addresses. From here I'm stuck. Can anyone recommend something else to try in order to narrow it down further? What am I missing?
Here are the headers that came with the complaint, edited for privacy.
Quote:
Return-Path: <redacted-bounces@customerdomain.com> Received: from rly-dd06.mx.aol.com (rly-dd06.mail.aol.com [172.19.141.153]) by air-dd03.mail.aol.com (v120.9) with ESMTP id MAILINDD034-b804748865c294; Sat, 24 Nov 2007 15:15:39 -0400 Received: from neo.myserver.com (ns3.myserver.com [my.server.ip.addy]) by rly-dd06.mx.aol.com (v120.9) with ESMTP id MAILRELAYINDD062-b804748865c294; Sat, 24 Nov 2007 15:15:29 -0400 Received: from localhost ([127.0.0.1] helo=neo.myserver.com) by neo.myserver.com with esmtp (Exim 4.68) (envelope-from <redacted-bounces@customerdomain.com>) id 1Iw1P8-0006og-3w; Sat, 24 Nov 2007 15:15:06 -0500 Received: from adsl-225-31-27.mia.bellsouth.net ([customer's.ip] helo=Home) by neo.myserver.com with esmtpa (Exim 4.68) (envelope-from <customer_email@customerdomain.com>) id 1Iw1P1-0006l0-Tc for redacted@customerdomain.com; Sat, 24 Nov 2007 15:15:00 -0500 Message-ID: <002d01c82ed6$b4485f20$210110ac@Home> From: <customer_email@customerdomain.com> To: redacted@customerdomain.com Date: Sat, 24 Nov 2007 15:15:05 -0500p
The company I work for is doing a promotional site that will probably involve a good chunk of progressive (as in, not quite the same as streaming) video -- basically my best guess is that everyone who views the site will likely download between 6 and 50 megabytes of video depending on how long they spend on the site, etc... I would imagine most people would be at the low end of that, maybe 12 megs, but it's hard to predict...
The tough spot is there will be TV and banner ads purchased for this promotion, and it's not entirely clear to us how good response will be. It could be 5,000 visitors in a day ... it could be 250,000 in a day... the response to various advertising campaigns our clients have done has just varied a lot...
So let's say we have 150,000 visitors downloading an average of 12.5 megs of video - that's about 2 terabytes of transfer in a month.
How much should we expect to pay for that kind of data transfer, and are there good providers that will scale with us? I don't think we mind sacrificing a few hundred bucks our first month only to find that traffic was low -- but if it's going to cost thousands to move 2-3 terabytes of data via a CDN, what are our other options? Does anyone scale well even if it's unpredictable? I realize we have to pay some sort of premium for that scalability or it's not really fair to the hosting provider.. but what price range should we be looking at?
I had to reboot my server and about 20 minutes later I tried to access the web site but the page was not found... I am able to login to SSH. However, I am not familiar with *nix or the workings of CPanel... What should I do to get the sites back online?
Anyone know of some good server load testers ( commercial )?
Im not looking for application based load testing, I need real web server load testing... need to see how much traffic this one site can take before it cries.
I ordered a leaseweb express server 4 box with windows server 2003 and have been running it, installed some software etc which worked out fine.
Anyways, I wanted to disable tcp/ip filtering which I did and afterwards it prompted me that I would have to reboot the server for the changes to take place, I clicked ok and it rebooted. Now I just can't connect with remote desktop, I tried everything.
I'm guessing it either shut down or didn't reboot properly? I tried sending an email to leaseweb support 2 days ago but still no shadow of any reply..
It says that I can reboot the server using the SSC but when I log in there, I can't really find any reboot option.
my datacenter says that they have not had power failures(lol yeh right) but i cant seem to figure out why my server seems to be rebooting randomly. so far its happened early 3-5am my times today and yesterday, just its happened 4x more times this morning.
im not sure if cpanel is sending me bind start failures because its not set to auto start up on reboot or if it might be related... but the server seems fine.
i have a dedicated server at theplanet.I dont have a remote reboot option.
a friend of mine said,that all dedicated servers have remote reboot options.he says that since i dont have a remote reboot option,i am probably on a shared server.is that correct.does theplanet have shared or vps offerings in the first place ?
i cannot reboot the server,but i can log in through shell as root type in shutdown - and turn the damn thing off.....
problem I was having which was Windows Small Business Server 2003 would hang on boot up. I never got the time to reinstall the server until now.
I have installed the server and applied all updates. This worked fine until I install the Windows Server 2003 Service Pack 1 or 2. When I install SP1 or SP2 on reboot the server loads the Dell splash screen then the monitor LED light goes orange then green then orange and then just hangs with a blank screen.
I can boot into Safe Mode and uninstall the Service Pack and I can then reboot without any problems. I have installed ADAM SP1.
at getting PDUs for the new facility where we plan to move our servers to. Our cabinet will have 2*20a circuits, so we're thinking of getting 2 APC PDUs (1 per circuit). Some offer remote reboot capability.
Our servers (Dell PowerEdge) have dual power supplies, and I assume the best thing is to plug one power supply into each circuit, so things stay up even if a circuit fails.
So, how would this work if we want to reboot? The servers can run on only one power supply, so does that mean we have to click reboot on the web interface of each PDU at exactly the same time?
I've never worked with PDUs before.. just cheap power strips and a call to the datacenter