[BlueOnyx:25203] Re: High Load Average

Fungal Style wayin at hotmail.com
Tue Nov 9 07:14:48 -05 2021 

I was thinking about the issue again, a couple of other things to check and if it is not something obvious it may at least get you started on the right track.

A couple of other “common” issues would be:

  *   An exploited plugin
  *   An exploited site
With the exploited sites and plugins it is usually to send spam, now checking your maillog may show large amounts of sending and/or bounces, also checking webalizer to see the traffic statistics and often if there is an exploitd site or plugin it will show up as having a large number of hits/visits from often the same IP address(es).

Well that is where I would start looking…

Summary:
from TOP command, you can probably workout the site that is causing grief, then check maillog and http logs (although webalizer will be easier to see as it will show in a report format after the cpu load goes back down, so more post-mortem), the http logs are good to tail (using the -f switch) as you can often see a pattern with the ip address of the path of the site being accessed if the cpu utilisation is high.

Regards
Brian

From: Fungal Style <wayin at hotmail.com>
Date: Tuesday, 9 November 2021 at 4:52 pm
To: Blueonyx mailing list <blueonyx at mail.blueonyx.it>
Subject: Re: [BlueOnyx:25196] High Load Average

Try disabling XMLRPC in wordpress sites, it is the script kiddie spammers trying to post to the comments via a proxy.

Check the PHP-CGI and php-fpm users, that will usually tell you the site they are hitting.

Also some unscrupulous SEO people will use that to try and bring up unique hits to make it look like they are doing a good job and the web owner needs to convert them or words to that effect… sad, I see it too many times.

Regards
Brian.

From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> on behalf of Richard Sidlin <richard at helpinternet.co.uk>
Reply to: Blueonyx mailing list <blueonyx at mail.blueonyx.it>
Date: Tuesday, 9 November 2021 at 1:30 am
To: Blueonyx mailing list <blueonyx at mail.blueonyx.it>
Subject: [BlueOnyx:25196] High Load Average

5210R

Just recently the load average is going crazy and of course the server slows right down. I have about 10 low to medium usage websites, no emails. Mainly Wordpress sites.

In Top, there is a lot of either php-fpm or php-cgi depending on the php settings that constantly use loads of CPU. This is happening across most sites, not just one causing an issue.

Can anyone point me in the right direction on how to trace where the problem is?

Thanks


Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20211109/04205091/attachment.html>

More information about the Blueonyx mailing list