New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
vzctl exec $ctid kill $pid
Then you don't have that problem.
I like a challenge , I will have a play over Christmas, put a crappy server up and invite some resource abuse from the community once I have loaded it up with my scripts.
I think I will call the system, silentnights should be fun.
Sounds interesting @Zen. Is that script something you would make available or sell to those interested? Seems like a good hearty demand for something like that.
Yikes, sorry @Zen. Maybe make it donation-ware. Or signup to give it a spin. Something...
I'm not a provider, but want to see providers swim and not drown from node abuse. Better for industry.
@Zen Charge or take donations. I could use a good push on some scripts. I'm not the worst at making my own but just bad enough that its entirely too time consuming.
I was wondering how to identify the abuser reliably.
According to Wiki, for load average, "However, Linux also includes processes in uninterruptible sleep states (usually waiting for disk activity), which can lead to markedly different results if many processes remain blocked in I/O due to a busy or stalled I/O system." So if someone is abusing disk IO and the disk becomes buzy, one of his neighbors with many processes waiting for the disk subsystem could have a high load, be mistaken for an abuser, and get his VPS restarted unnecessarily.
A snapshot of my vps (under vserver, and I don't know how to post images here):
postimage.org/image/t0z5k66wn/
Many small processes (each less than 1MB), per process cpu utilization at 0%, total ram consumption around 80MB. My resource usage is really minimal, yet the load average is around 25. Will I be mistaken for an abuser and get my vps restarted/suspended/terminated?
Under Linux, IMO, load average is not a reliable indicator for abusers.
It's been reliable enough for us and have not had a single false positive ever since we switched to our RAID10 setup and we do a lot of manual checking before we suspend or terminate anybody. This is why we have our e-mails output the top 10 processes as well as a complete output of io usage to make sure we are catching the correct culprit.
In your example your VPS would be getting rebooted frequently but because of our proactive approach and constant monitoring if any of our nodes ever hit 25 it wouldn't stay that way for very long. I am not familiar with vserver so I cannot comment on how it handles loads/CPU/reporting but I would suggest you contact your server provider if your VPS has a load average of 25.
Rule of thumb for us, if the load is over 4.00 it generates a warning, over 10 we get an a critical alert, over 20 and the e-mails start flooding in every few minutes.
Could you give a sketch of how you do it? I guess this will help many vps providers find the real abusers of system resource. As more providers know about this, legit vps users will also be less likely to be mistaken for abusers.
Thanks for the suggestion. But the vps with load above 20 still feels as responsive as it is with load below 1. Still quite speedy. Perhaps what I get is the load average for the node as a whole?
Another snapshot when I haven't start exim:
postimage.org/image/3spo24v8l/
The load average is around 24.
@Zen vzctl exec is a bad idea. Better use vzps
@Zen because vzctl exec executes programs inside the container, the VPS owner can replace said programs and make them output whatever he wants.
Is there a working version for CentOS 6?
@Kujoe i've no idea, i only have CentOS 5 based nodes, but even if it doesn't work it wouldn't be too hard to fix it and make it work i think.
I don't even know how to start troubleshooting a seg fault.
@Kujoe maybe newer version of vzprocps? Google says other people had similar problems with segfaults of vzps, and there was a newer version released at some point which supposedly fixes these.
KuJoe, a strace output would most definately help.
I however dont have to trouble my mind with those issues.
However abuse is an issue for low end dedicated servers.
I just use barracudas and nDPI for secure traffic classifications. Torrenting/FXP follows a exact timing and bandwidth allocation after a release gets released and pre-databases show it.
Port 25 is rate limited and goes only through my smtp gateway in order to prevent abuse.
Some things i just cache.
So far so good i must say. My IP range is clean.