All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Help trace Apache CPU abuse DO droplet with VestaCP
I have a friend's server running Ubuntu 14.04/2GB Droplet. It is running VestaCP with only one single person administrating the server and hosting sites.
Past 4-5 days, I've seen the MySQL would run out of memory. I've enabled SWAP of 2GB also.
The system is secured via SSH Keys and is uptodate. The 6-7 websites are all usual wordpress sites, nothing big in them or too much traffic.
The sites are served by nginx, which is reverse proxy to Apache but somehow I see apache spikes up time & again. I'm getting a feeling that one or more of the sites are compromised, though I'm stopping them one by one to trace, I wanted to check if there is a way to DETECT the exact thread/site which can be causing CPU & RAM spikes ?
or can it be that the DO droplet is not able to cope up with the load or is under performing, as I really don't think the sites hosted have any serious load to outgrow a 2GB server.
Pls pour in some suggestions.
Thanks
pastebin from cloudstats monitor http://pastebin.com/PMRkWkcf
Comments
what is the apache log showing at that time?
Are you dropping bots etc? Maybe a crawler/spammer is hitting the site at that time.
i just checked - surprisingly -- all Nginx/Apache Access and Error logs are empty
no idea why
reinstall
?
If you believe one or more of your Wordpress sites have been compromised then run a maldet scan and/or backup your uploads folder and delete everything else, replace with a fresh copy of Wordpress and then connect your old database to it. If you're getting hit with wp-login.php brute force attacks (and if you're running Wordpress then you are absolutely going to get hit with these) then that usually skyrockets cpu usage...easily countered by only allowing your IP to access wp-login or setting up auth or rate-limiting with nginx.
thanks... I am trying to close down on that, Scanning the system now.
Will look into wp-login issue
Hope you figure it out!
You can try to install a wordpress firewall which uses htaccess
You shouldn't assume your server has been compromised just because MySQL is running out of memory. @wych was saying to check the access logs to see if there's a lot of requests at that time, not necessarily just the error logs; besides, if your error log doesn't say anything when your MySQL server is down, then that's an indication that your application is not throwing errors in this case, not that your server is compromised.
Also try reducing max_connections (each MySQL thread allocates some memory), and maybe try some other configuration settings from http://www.tocker.ca/2014/03/10/configuring-mysql-to-use-minimal-memory.html
That's probably xmlrpc.php being hit a lot of times (can be a DDoS targeted to that file).:-)
thanks everyone -- I'm following your advices
I've scanned with Wordfence and Maldet... didn't find any problems
The logs are there now (after a reboot) and I see alot of "SEO plugins" installed. My friend, the owner/op of the blog also suspects some outdated/malfunctioning plugin may be causing the problems... I too feel these SEO type plugins may be causing somekind of "synflood".
Anyways, I've disabled the suspected plugins, will monitor it for a day or 2 to see if this resolves. I also have disables any other sites on this server, so as to be able to "isolate" the problem point.
Thanks... alot.
By the way, can you suggest a good caching plugin for wordpress ? W3 total cache or any other which is light on resources and does the job?
Run each site under a different user, it will make everything a little more secure and make it easier to isolate/find issues. Even the 1GB plan should be fine for 7 WP sites with decent traffic and no crappy plugins...
W3 total cache did not help much for CPU usage or page loading times in my experience.
@mehargags just use Yoast's plugin, you don't need any others