All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
My vps load increasing just one or two minute become offline
hello,
load average on vps increasing just one or two minute become offline
root@vps:~# uptime
17:01:22 up 0 min, 1 user, load average: 0.15, 0.03, 0.01
root@vps:~# uptime
17:01:29 up 0 min, 1 user, load average: 0.22, 0.05, 0.02
root@vps:~# uptime
17:01:32 up 0 min, 1 user, load average: 0.28, 0.06, 0.02
root@vps:~# uptime
17:01:37 up 0 min, 1 user, load average: 0.26, 0.06, 0.02
root@vps:~# uptime
17:01:49 up 0 min, 1 user, load average: 0.54, 0.13, 0.04
root@vps:~# uptime
17:01:52 up 0 min, 1 user, load average: 0.82, 0.19, 0.06
root@vps:~# uptime
17:01:56 up 0 min, 1 user, load average: 1.07, 0.25, 0.08
root@vps:~# uptime
17:02:04 up 0 min, 1 user, load average: 1.31, 0.31, 0.10
17:02:12 up 1 min, 1 user, load average: 1.42, 0.37, 0.12
root@vps:~#
root@vps:~# uptime
17:02:57 up 1 min, 1 user, load average: 2.64, 0.83, 0.29
root@vps:~# uptime
17:04:28 up 3 min, 1 user, load average: 3.06, 1.44, 0.55
increasing more and become offline
please, any help
VPS is
OpenVZ
3gb ram
thanks
Comments
What did you provider say when you asked them about this?
Just watch the processes using command using top and analyse what is utilising a lot of resources on the server or it could be a virtualisation issue.
How can I see it , please?
Either your VPS is causing the high load or your loads are inflated due to an issue with the node.
You need to use tools like
top
andiotop
to determine if anything is eating a lot of resources (specifically disk I/O)."top" without quotes "
Are you abuse of usage ? Like creating huge packet out etc ?
top command
photo uploader
That process consuming 398% CPU looks slightly suspicious.
You don't say.
load increasing and become offline
Yeah, looks like you've been hacked.
please, any idea to solve this problem
Reinstall, and consider not using a VPS anymore, doesn't seem like you've got a scooby.
I will re-install it now.
or just go over to LET and blame your provider - oh, wait...
I urge you to consider my other piece of advice, if you're not capable of managing a VPS properly, this will just happen again and again.
this after re-install
upload imagem
Yes, it's fine now.
probably won't last long...
true as without any knowledge of server administration it will be again hacked or overloaded.
Recommendation to OP: move to managed service!
You were compromised with xor-ddos.
Francisco
You would've thought that it would try and be discrete ...
Change your ssh port, stop nginx, stop php. See if it still causing high load or not
If you are new to vps and want to learn, search on how to harden your box:
what if block all port including ssh. Then just use solus to be able to login there.
I remember it's kind of back door script named Bill Gates, some of my clients affected by this dating back to 2014.
It's most likely your VPS has weak password or poor codes.
It's 2016. Why do we still recommend security by obscurity (changing port) instead of just disabling password auth? Private keys can't reasonably be brute forced.
It's not the port that's the issue. It's the authentication mechanism.
But @aaxaa you don't belong anywhere near a server. You obviously have no idea what you're doing.
Key based is a must, but the port changing is more to redu unnecessary load caused by attempts at logins from bots.
I've seen that kind of processes on a VPS before. The owner of the VPS had no idea how to secure his VPS. And he was infected. His machine was being used for dDos attacks.
Check your traffic, same might've happened to you as well. Do what @jvnadr suggested and read this as well.
Cleaning up those really took a lot of effort.
I didn't mean that is necessary to block port 22. I don't. Those were generic suggestions on what to search to harden OP's server. In my servers, I just use fail2ban and, in almost all servers, disabling root login and/or password access.