My vps load increasing just one or two minute become offline

aaxaa Member
edited October 2016 in Help

Hello,

The load average on my VPS keeps increasing, and within just one or two minutes it goes offline.


root@vps:~# uptime
17:01:22 up 0 min, 1 user, load average: 0.15, 0.03, 0.01


root@vps:~# uptime
17:01:29 up 0 min, 1 user, load average: 0.22, 0.05, 0.02


root@vps:~# uptime
17:01:32 up 0 min, 1 user, load average: 0.28, 0.06, 0.02


root@vps:~# uptime
17:01:37 up 0 min, 1 user, load average: 0.26, 0.06, 0.02


root@vps:~# uptime
17:01:49 up 0 min, 1 user, load average: 0.54, 0.13, 0.04


root@vps:~# uptime
17:01:52 up 0 min, 1 user, load average: 0.82, 0.19, 0.06


root@vps:~# uptime
17:01:56 up 0 min, 1 user, load average: 1.07, 0.25, 0.08


root@vps:~# uptime
17:02:04 up 0 min, 1 user, load average: 1.31, 0.31, 0.10

17:02:12 up 1 min, 1 user, load average: 1.42, 0.37, 0.12
root@vps:~#


root@vps:~# uptime
17:02:57 up 1 min, 1 user, load average: 2.64, 0.83, 0.29


root@vps:~# uptime
17:04:28 up 3 min, 1 user, load average: 3.06, 1.44, 0.55


It keeps increasing and then goes offline.

Please, any help.

The VPS is:

OpenVZ
3 GB RAM

thanks


Comments

  • KuJoe Member, Host Rep

    What did your provider say when you asked them about this?

    Thanked by 4aaxaa Nekki GCat tmwc
  • Just watch the processes using the top command and analyse what is utilising a lot of resources on the server, or it could be a virtualisation issue.

    Thanked by 1aaxaa
  • aaxaa Member
    edited October 2016

    @AlphaNinevps_com said:
    Just watch the processes using the top command and analyse what is utilising a lot of resources on the server, or it could be a virtualisation issue.

    How can I see it, please?

  • @aaxaa said: How can I see it, please?

    Either your VPS is causing the high load or your loads are inflated due to an issue with the node.

    You need to use tools like top and iotop to determine if anything is eating a lot of resources (specifically disk I/O).

    Thanked by 1aaxaa
  • @aaxaa said:

    @AlphaNinevps_com said:
    Just watch the processes using the top command and analyse what is utilising a lot of resources on the server, or it could be a virtualisation issue.

    How can I see it, please?

    "top" without quotes

    Thanked by 1aaxaa
  • GigsGigs Member, Host Rep

    Are you abusing usage? Like creating huge outbound packets, etc.?

  • aaxaa Member
    edited October 2016

    top command

    [Screenshot of top output; image not preserved]

  • That process consuming 398% CPU looks slightly suspicious.

  • @Nekki said: That process consuming 398% CPU looks slightly suspicious.

    You don't say.

  • @Nekki said:
    That process consuming 398% CPU looks slightly suspicious.

    The load keeps increasing and it goes offline.

  • Yeah, looks like you've been hacked.

  • @Ishaq said:
    Yeah, looks like you've been hacked.

    Please, any idea how to solve this problem?

  • @aaxaa said:

    @Nekki said:
    That process consuming 398% CPU looks slightly suspicious.

    The load keeps increasing and it goes offline.

    Reinstall, and consider not using a VPS anymore, doesn't seem like you've got a scooby.

  • @Nekki said:

    @aaxaa said:

    @Nekki said:
    That process consuming 398% CPU looks slightly suspicious.

    The load keeps increasing and it goes offline.

    Reinstall, and consider not using a VPS anymore, doesn't seem like you've got a scooby.

    I will re-install it now.

  • @Nekki said:

    Reinstall, and consider not using a VPS anymore, doesn't seem like you've got a scooby.

    or just go over to LET and blame your provider - oh, wait...

  • Nekki Veteran
    edited October 2016

    @aaxaa said:

    @Nekki said:

    @aaxaa said:

    @Nekki said:
    That process consuming 398% CPU looks slightly suspicious.

    The load keeps increasing and it goes offline.

    Reinstall, and consider not using a VPS anymore, doesn't seem like you've got a scooby.

    I will re-install it now.

    I urge you to consider my other piece of advice, if you're not capable of managing a VPS properly, this will just happen again and again.

    Thanked by 2aaxaa netomx
  • This is after the re-install:

    [Screenshot; image not preserved]

  • Yes, it's fine now.

    Thanked by 2aaxaa GCat
  • probably won't last long...

    Thanked by 2ATHK tszilassi
  • WebProject Host Rep, Veteran
    edited October 2016

    @Falzo said:
    probably won't last long...

    True, as without any knowledge of server administration it will be hacked or overloaded again.

    Recommendation to OP: move to managed service!

    Thanked by 1netomx
  • Francisco Top Host, Host Rep, Veteran

    You were compromised with xor-ddos.

    Francisco

  • @Francisco said:
    You were compromised with xor-ddos.

    Francisco

    You would've thought that it would try and be discreet ...

  • Change your SSH port, stop nginx, stop PHP. See if it is still causing high load or not.

  • If you are new to vps and want to learn, search on how to harden your box:

    • Use key login and disable root login
    • Change port 22 to something else
    • Do regular scans of your VPS with anti-rootkits
    • Install fail2ban
    • Use secure passwords for users and change them often
    • Disable port 25 and 465 to avoid spam from your server
    Thanked by 2Falzo aaxaa
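
The SSH items in the checklist above (key login, no root login, the port) can be checked mechanically. The following is an added example, not part of the thread: a POSIX shell audit of an sshd_config, in which the function names effective_value and audit_sshd and both sample configs are constructed for illustration. It reads only the global section and assumes the defaults of current OpenSSH releases.

```shell
#!/bin/sh
# Added example (not from the thread): audit the global section of an sshd_config.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block; Include files and
# the "Keyword=value" spelling are not handled here.
effective_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }         # conditional blocks: out of scope
        tolower($1) == tolower(key) && NF >= 2 { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: one finding per line; FAIL lines need fixing.
audit_sshd() {
    # Assumed defaults: current OpenSSH (older releases allowed root logins).
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    port=$(effective_value "$1" Port 22)
    case $root in
        yes) echo "FAIL PermitRootLogin=$root: root can log in with a password" ;;
        *)   echo "OK   PermitRootLogin=$root" ;;
    esac
    case $pass in
        no) echo "OK   PasswordAuthentication=$pass" ;;
        *)  echo "FAIL PasswordAuthentication=$pass: passwords can be guessed" ;;
    esac
    echo "INFO Port=$port: a custom port only reduces bot login noise"
}

# Constructed sample configs (not taken from the OP's server).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
weak="$tmp/weak"; hard="$tmp/hardened"
printf '%s\n' 'Port 22' 'permitrootlogin yes' \
    '#PasswordAuthentication no' 'PermitRootLogin no' > "$weak"
printf '%s\n' 'Port 2222' 'PermitRootLogin no' \
    'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$hard"

for f in "$weak" "$hard"; do
    echo "== ${f##*/}"
    audit_sshd "$f"
done
```

In the weak sample the later "PermitRootLogin no" line has no effect because the earlier value wins, and the commented-out PasswordAuthentication line leaves the default in force. On a live host, sshd -T prints the effective configuration as sshd itself computes it.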
  • jvnadr said: - Change port 22 to something else

    What if you block all ports, including SSH? Then just use Solus to be able to log in there.

    Thanked by 1aaxaa
  • dearroy Member, Host Rep

    I remember it's a kind of backdoor script named Bill Gates; some of my clients were affected by this, dating back to 2014.

    It's most likely your VPS has a weak password or poor code.

  • iwaswrongonce Member
    edited October 2016

    It's 2016. Why do we still recommend security by obscurity (changing port) instead of just disabling password auth? Private keys can't reasonably be brute forced.

    It's not the port that's the issue. It's the authentication mechanism.

    But @aaxaa you don't belong anywhere near a server. You obviously have no idea what you're doing.

  • pbgben Member, Host Rep

    @iwaswrongonce said:
    It's 2016. Why do we still recommend security by obscurity (changing port) instead of just disabling password auth? Private keys can't reasonably be brute forced.

    It's not the port that's the issue. It's the authentication mechanism.

    But @aaxaa you don't belong anywhere near a server. You obviously have no idea what you're doing.

    Key based is a must, but the port changing is more to reduce unnecessary load caused by attempts at logins from bots.

  • Nomad Member
    edited October 2016

    I've seen that kind of process on a VPS before. The owner of the VPS had no idea how to secure his VPS. And he was infected. His machine was being used for DDoS attacks.

    Check your traffic, same might've happened to you as well. Do what @jvnadr suggested and read this as well.

    Cleaning up those really took a lot of effort.

    @jvnadr said:
    If you are new to vps and want to learn, search on how to harden your box:

    • Use key login and disable root login
    • Change port 22 to something else
    • Do regular scans of your VPS with anti-rootkits
    • Install fail2ban
    • Use secure passwords for users and change them often
    • Disable port 25 and 465 to avoid spam from your server
    Thanked by 1aaxaa
  • jcaleb said: What if you block all ports, including SSH? Then just use Solus to be able to log in there.

    I didn't mean that it is necessary to block port 22. I don't. Those were generic suggestions on what to search to harden OP's server. In my servers, I just use fail2ban and, in almost all servers, disabling root login and/or password access.

    Thanked by 1aaxaa