New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
CPU 100% all the time?
Hello,
I have a small server from OVH and I just use it to store some data. However I found lately when I want to upload a video on Vimeo that it's slow. I checked the CPU using the "top" command and I found it's 100 or something.
How can i see the full results? and how can i know which process is making the most CPU usage and how can i kill it?
I'm new to linux and sorry for my questions!
Comments
Use "top" then type Shift + M to sort by memory usage or Shift + P to sort by CPU usage.
Top/htop will show you what is using the CPU.
Sort by usage
Any program to monitor the vps bandwidth like htop does for memory and cpu?
Thanks a lot guys!
I got this one. What can i do?
8532 www-data 20 0 41068 7984 2980 R 11 0.4 811:35.65 apache2 21028 www-data 20 0 41084 7980 2960 R 11 0.4 781:29.56 apache2 22905 www-data 20 0 41052 7956 2956 R 11 0.4 775:14.87 apache2 1890 www-data 20 0 46632 14m 3992 R 8 0.7 0:13.34 apache2 2449 clamav 20 0 12756 892 708 R 8 0.0 639:16.12 freshclam 6615 www-data 20 0 41084 7984 2960 R 8 0.4 804:44.77 apache2 6619 www-data 20 0 41156 8356 3108 R 8 0.4 797:03.99 apache2 7595 www-data 20 0 41076 8020 2996 R 8 0.4 838:53.59 apache2 7604 www-data 20 0 41076 7976 2960 R 8 0.4 822:16.40 apache2 8531 www-data 20 0 41084 7968 2968 R 8 0.4 796:00.44 apache2 8533 www-data 20 0 41068 7992 2980 R 8 0.4 854:56.98 apache2 11331 www-data 20 0 41028 7488 2500 R 8 0.4 1458:14 apache2 12246 www-data 20 0 69276 16m 2908 R 8 0.8 0:16.14 python 12391 root 20 0 2608 1320 896 R 8 0.1 0:01.15 top 13758 www-data 20 0 41084 8004 2984 R 8 0.4 799:31.99 apache2 25239 www-data 20 0 41244 8292 3080 R 8 0.4 772:24.40 apache2 25732 www-data 20 0 41052 7944 2960 R 8 0.4 775:32.35 apache2 25786 www-data 20 0 41052 7884 2896 R 8 0.4 773:14.34 apache2 26017 www-data 20 0 44860 11m 2708 R 8 0.6 1696:00 apache2 27210 www-data 20 0 41052 7860 2880 R 8 0.4 772:45.00 apache2 27987 www-data 20 0 41052 7960 2952 R 8 0.4 769:00.77 apache2 21935 www-data 20 0 41052 7952 2956 R 6 0.4 794:37.17 apache2 22910 www-data 20 0 41052 7952 2956 R 6 0.4 783:44.62 apache2 11189 www-data 20 0 40776 6572 1592 S 2 0.3 0:03.25 apache2 11235 www-data 20 0 41172 6836 1688 S 2 0.3 0:01.52 apache2 11982 www-data 20 0 40776 6572 1592 S 2 0.3 0:00.41 apache2
iftop will show you real time bandwidth and connection.
http://www.whmsecurity.com/server-tools/how-to-install-iftop
iftop is nice to quickly see the current statistics. If you need more long-term data for bandwidth monitoring, try out bwm-ng. Or just write a cron job to look at ifconfig (compare previous TX/RX bytes and current bytes, and then divide by time elapsed).
Looks like you are getting ddos'd.
If CentOS 6
nano +103 /etc/httpd/conf/httpd.conf
Change the settings to something like:
StartServers 1
MinSpareServers 1
MaxSpareServers 5
ServerLimit 10
MaxClients 10
MaxRequestsPerChild 4000
service httpd restart
You should try to change to nginx if you can. Or at the very least put Cloudflare in front of your site.
Try out nload. It's my favorite system for monitoring bandwidth.
Thanks @sman!
I'm using Debian.
but what is
ServerLimit 10 MaxClients 10
?
Only 10 people can access my website?
No, MaxClients is the maximum number of simultaneous connections. So if another connection comes in and there's already ten, it will have to wait for the previous connection to go away. But HTTP doesn't need persistent connections.
At least there is no running doom3-server processes..! But seriously might be time to run My Traceroute or similar.
I think there may be better tools posted above. If you can't confirm legit traffic you want to see if there's a net failure or an attack before you get null'd. Make sure you don't have a script you wrote that's hanging and opening connections to 80 without you realizing it. Make sure you have a decent firewall in place to handle various types of attacks. Consider changing Ips as long as you don't use it heavily for mail. Consider blocking certain subnets if you can determine the attacks originate from a particular network/country. That's a shame if I saw that kind of traffic on my own site I'd celebrate just kidding but no really.
Just try it and find out. Apache defaults assume your hardware can handle a bunch of traffic which your hardware obviously can't so you need to tune Apache to your hardware. Right now if you get a bunch of traffic or hacker scanning or ddos or whatever your CPU goes to 100% and the server becomes useless.
The post after yours explained what that setting does pretty well. You will only get 10 apache child processes spawning instead of the 23 showing in your post.
If you're using Apache on a dedi, you should try Apache Traffic Server. You know, just to experiment?
Thank you!
I tried this: nano +103 /etc/httpd/conf/httpd.conf
But it was "blank" nothing is there. Do I type the settings above?
Thanks a lot!
It could be "nano /etc/apache2/apache2.conf"
Thank you my friend.
All done now
I just wait and see.
BTW guys - thank you all for your help. I'm new to linux and it's so hard for me to know what to do, but with you, I'm getting help
I wish you all the best of luck!
Hello guys!
I tried this the CPU is back to normal again. But now I can't access the URL. It keeps loading for few minutes and nothing happens.
I tried to restart Apache, once I did this, the URL worked for 2 minutes, then stopped.
What can i do?
It sounds like you are getting hit by a ton of traffic. Look in your config folder for all you Apache2 configs which are usually located in /etc/apach2/sites-available and tail -f and see if there is a ton of queries on a particular one. If you find nothing try checking in /var/log/ for anything relevant.
Mun
Also are you running any control panels? Possibly Zpanel?
Mun
Oh!
It seems an iranian IP is attacking me? WTF?
I did:
netstat -anp | grep 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I did this: iptables -A INPUT -s 151.244.96.74 -j DROP
What else can i do?
I have 49 connections from this IP: 85.15.0.162
And 154 connection from: 151.244.96.74
I banned them. But how to know what files they are downloading? or what they are doing?
I found this on the internet.
Where do I put that file and what to name it?
iptables don't seem to be able to block them
Here's a link:
http://www.webhostingtalk.com/showthread.php?t=874338
@joebiss are you running any control panels, maybe something like Zpanel?
You can see what files they are downloading by looking at your logs.
save your iptables config so it's there after reboot.
Not sure what it is for debian but for centos it's /sbin/iptables-save
Also most of the hacker bots will switch IP's if they detect they have been banned. Maybe try install fail2ban to automate the banning.
Why are you getting attacked from Iran? What kind of site are you running?
Consider a custom iptables setup and execute/start the firewall in /etc/rc.local which runs at sys start up
Thanks, I banned 3 Ips now ans everything seems good
It's not a website, just a server to store my files. It's just weird, maybe they knew the server is not secure?
Anyway, how can I: make a directory passworded. So if you want to check a URL (public) you have to enter a password. That will help people from downloading my files, right?
use htaccess for that. but store your password file in a directory that isnt publicly accesseble