Help trace Apache CPU abuse DO droplet with VestaCP

mehargags Member
edited August 2015 in Help

I have a friend's server running Ubuntu 14.04/2GB Droplet. It is running VestaCP with only one single person administrating the server and hosting sites.

For the past 4-5 days, I've seen MySQL run out of memory. I've also enabled 2GB of swap.
The system is secured via SSH keys and is up to date. The 6-7 websites are all usual WordPress sites, nothing big in them or too much traffic.

The sites are served by nginx, which is a reverse proxy to Apache, but somehow I see Apache spike up time & again. I'm getting a feeling that one or more of the sites are compromised. Though I'm stopping them one by one to trace, I wanted to check if there is a way to DETECT the exact thread/site which can be causing the CPU & RAM spikes?

Or can it be that the DO droplet is not able to cope with the load or is underperforming, as I really don't think the sites hosted have any serious load to outgrow a 2GB server.

Please pour in some suggestions.
Thanks

pastebin from cloudstats monitor http://pastebin.com/PMRkWkcf

Comments

  • wych Member

    What is the Apache log showing at that time?

    Are you dropping bots etc? Maybe a crawler/spammer is hitting the site at that time.

  • I just checked - surprisingly - all Nginx/Apache access and error logs are empty :( no idea why

  • reinstall :)?

  • sin Member

    If you believe one or more of your WordPress sites have been compromised then run a maldet scan and/or back up your uploads folder and delete everything else, replace with a fresh copy of WordPress and then connect your old database to it. If you're getting hit with wp-login.php brute force attacks (and if you're running WordPress then you are absolutely going to get hit with these) then that usually skyrockets CPU usage... easily countered by only allowing your IP to access wp-login or setting up auth or rate-limiting with nginx.

  • mehargags Member
    edited August 2015

    @sin said:

    Thanks... I am trying to close down on that, scanning the system now.

    Will look into wp-login issue

  • sin Member
    edited August 2015

    mehargags said: Thanks... I am trying to close down on that, scanning the system now.

    Hope you figure it out!

  • @mehargags said:

    You can try to install a WordPress firewall which uses htaccess

  • perennate Member, Host Rep
    edited August 2015

    You shouldn't assume your server has been compromised just because MySQL is running out of memory. @wych was saying to check the access logs to see if there are a lot of requests at that time, not necessarily just the error logs; besides, if your error log doesn't say anything when your MySQL server is down, then that's an indication that your application is not throwing errors in this case, not that your server is compromised.

    Also try reducing max_connections (each MySQL thread allocates some memory), and maybe try some other configuration settings from http://www.tocker.ca/2014/03/10/configuring-mysql-to-use-minimal-memory.html

  • MikePT Moderator, Patron Provider, Veteran

    That's probably xmlrpc.php being hit a lot of times (can be a DDoS targeted at that file). :-)
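
A way to answer the original question (which site and which client is behind the spikes) from the access logs once they are being written: count POSTs to wp-login.php and xmlrpc.php, the two endpoints sin and MikePT point to above, per site, client IP and minute. This is an added example, not code from any poster in the thread; the one-log-per-site input, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Endpoints named in the thread as typical CPU hogs on WordPress.
HOT = ("/wp-login.php", "/xmlrpc.php")

def triage(logs, threshold=3):
    """logs: {site: iterable of access-log lines} (assumed: one log per site).
    Returns (site, endpoint, ip, minute, hits) for each client that sent at
    least `threshold` POSTs to a hot endpoint within one minute, busiest first."""
    buckets = Counter()
    for site, lines in logs.items():
        for line in lines:
            m = LINE.match(line)
            if not m or m["method"] != "POST":
                continue  # unparsable line, or not a login/RPC submission
            path = m["path"].split("?", 1)[0]
            hit = next((h for h in HOT if path.endswith(h)), None)
            if hit is None:
                continue
            minute = m["ts"][:17]  # e.g. "12/Aug/2015:03:14"
            buckets[(site, hit, m["ip"], minute)] += 1
    rows = [key + (n,) for key, n in buckets.items() if n >= threshold]
    return sorted(rows, key=lambda r: -r[4])

def _line(ip, ts, method, path, status=200):
    # Builds one constructed sample line; not real traffic.
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample input: site names and documentation-range IPs are made up.
SAMPLE = {
    "blog.example": [_line("203.0.113.9", f"12/Aug/2015:03:14:{s:02d}", "POST",
                           "/wp-login.php") for s in range(0, 50, 10)]
                    + [_line("198.51.100.4", "12/Aug/2015:03:14:30", "GET", "/")],
    "shop.example": [_line("203.0.113.77", f"12/Aug/2015:03:15:{s:02d}", "POST",
                           "/xmlrpc.php") for s in range(0, 24, 3)]
                    + [_line("198.51.100.4", "12/Aug/2015:03:15:02", "POST",
                             "/wp-login.php", 302)],
}

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="  ")
```

A single login POST from an ordinary visitor stays under the threshold, so only the repeated submitters are listed.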

  • Thanks everyone -- I'm following your advice

    I've scanned with Wordfence and Maldet... didn't find any problems

    The logs are there now (after a reboot) and I see a lot of "SEO plugins" installed. My friend, the owner/op of the blog, also suspects some outdated/malfunctioning plugin may be causing the problems... I too feel these SEO type plugins may be causing some kind of "synflood".

    Anyways, I've disabled the suspected plugins, will monitor it for a day or 2 to see if this resolves. I have also disabled any other sites on this server, so as to be able to "isolate" the problem point.

    Thanks... a lot.


    By the way, can you suggest a good caching plugin for WordPress? W3 total cache or any other which is light on resources and does the job?

  • Run each site under a different user; it will make everything a little more secure and make it easier to isolate/find issues. Even the 1GB plan should be fine for 7 WP sites with decent traffic and no crappy plugins...

    W3 total cache did not help much for CPU usage or page loading times in my experience.

    Thanked by 2: mehargags, sin
  • wych Member

    @mehargags just use Yoast's plugin, you don't need any others ;)
