I have more than 100+ domains on a CentOS Plesk server. Suddenly the load on the server goes very high and eats up all resources. eating up all RAM, all CPU , due to which i cannot even login to server to check that what is happening to server.
I Tried to see the real-time Tail log of all sites, which did not showed anything like there is some external threat.
Mod_Evasive has been installed on the server, which is also not blocking anything.
My question is that how can i know that exactly which Domain/Site/Cron Job or anything in server is eating up all resources.
Note: in the Htop utility, i can see that on top, its httpd which is eating all resources.
Best Answer
Which version of Apache are you using?
mod_evasive
pretty much stopped working for Apache 2.2+. Your first port of call will probably be looking athttpd status
.Just run
at a command line, and it'll give you a real time display of requests, by hostname and IP. You might be observing an attack (e.g. one where an attacker keeps a large number of connections open at the same time).
If that doesn't work, add these lines to your
httpd.conf
:Cyberciti has a good article on it. The next thing you could try would be
(paraphrased, from DDos Deflate). After running both of these, you begin to be able to see if you're under attack, or a single website is just consuming a disproportionate amount of CPU.