OVH Community, your new community space.

Analysis of a cPanel overload report


Power
08/10/2011, 20:21
Hi virtual,

That command with all those options is extremely useful.
I'm saving it for similar situations in the future.

Thanks a lot, virtual

Regards

virtual
08/10/2011, 20:00
The saturation may be coming from a single IP.

Check whether that is the case, and ban it at the firewall.

Use this line to see the IP:

netstat -ntu | awk 'NR>2 {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

sdzzds
08/10/2011, 10:52
Thank you, Power, for always being willing to help

Power
08/10/2011, 10:45
Hi sdzzds,

Yes. It seems there were several requests to that account's forum that were consuming a significant percentage of CPU.

I've seen that it is an SMF forum and it was not updated to the latest version.
I've just asked the client to update it so that possible security holes can't be exploited.

Thank you very much, sdzzds.
It's a pleasure to have colleague-friends like you on this forum, always willing to help.

Regards

sdzzds
07/10/2011, 19:46
Hi Power,

Look at the line:

bbbbbbbb 9152 32.3 0.1 164136 16444 ? R 12:00 0:39 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php

And there are more like it in the top output; that means the bbbbbbbb account is saturating your server. It may be a hack in that account's forum.
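
The reading described above can be scripted for the next report. This is an added example, not part of the original thread: it totals %CPU per account and PHP script from `ps axuf` text, and counts busy ("W") workers per client and URL from the server-status rows. The sample rows are constructed; account names, IPs and vhosts are placeholders.

```shell
#!/bin/sh
# Added example: triage helpers for the ps.txt and server-status parts of a load report.

# Constructed sample modelled on the thread's ps axuf rows (acct1/acct2 are placeholders).
sample_ps() { cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nobody 2456 0.0 0.1 93424 12432 ? S 11:47 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
acct1 9073 32.8 0.1 164136 16452 ? R 12:00 0:43 | \_ /usr/bin/php /home/acct1/public_html/foro/index.php
acct1 9238 25.6 0.1 163880 16216 ? R 12:00 0:28 | \_ /usr/bin/php /home/acct1/public_html/foro/index.php
acct1 9349 22.7 0.1 163880 16196 ? R 12:00 0:21 | \_ /usr/bin/php /home/acct1/public_html/foro/index.php
acct2 9943 3.0 0.1 105592 12748 ? R 12:02 0:00 | \_ /usr/bin/php /home/acct2/public_html/index.php
EOF
}

# Constructed server-status rows (documentation-range IPs, placeholder vhosts).
sample_status() { cat <<'EOF'
Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
0-7 7089 0/73/14460 W 4.05 95 0 0.0 1.08 216.59 192.0.2.10 forum.example GET /foro/index.php?action=recent HTTP/1.1
1-7 8114 0/41/14013 W 1.00 141 0 0.0 0.30 249.53 192.0.2.10 forum.example GET /foro/index.php?action=recent HTTP/1.1
2-7 8064 0/74/14142 W 2.71 122 0 0.0 0.70 224.90 192.0.2.10 forum.example GET /foro/index.php?action=recent HTTP/1.1
11-7 9170 0/74/10949 _ 3.46 0 188 0.0 0.38 164.35 198.51.100.7 shop.example GET /toc.htm HTTP/1.0
15-7 9570 0/34/8540 W 1.34 0 0 0.0 0.18 127.12 203.0.113.5 site.example GET / HTTP/1.1
EOF
}

# Output: "<total %CPU> <process count> <user> <script>", heaviest first.
# Field 3 is %CPU; for PHP children the last field is the script path.
cpu_by_script() {
    awk '$NF ~ /\.php$/ { k = $1 " " $NF; cpu[k] += $3; n[k]++ }
         END { for (k in cpu) printf "%.1f %d %s\n", cpu[k], n[k], k }' "$@" |
        sort -rn
}

# Output: "<busy workers> <longest SS in seconds> <client> <vhost> <URI>".
# Field 4 is the worker mode, 6 is SS, 11 the client, 12 the vhost, 14 the URI.
busy_by_client() {
    awk '$1 ~ /^[0-9]+-[0-9]+$/ && $4 == "W" {
             k = $11 " " $12 " " $14; n[k]++
             if ($6 + 0 > max[k] + 0) max[k] = $6 }
         END { for (k in n) printf "%d %d %s\n", n[k], max[k], k }' "$@" |
        sort -rn
}

echo "== %CPU by account and PHP script =="; sample_ps | cpu_by_script
echo "== Busy workers by client and URL =="; sample_status | busy_by_client
```

Both functions also accept file names, e.g. `cpu_by_script ps.txt`. A high worker count with a large SS for one client and URL means those requests are still running after that many seconds, which matches the pile of PHP processes in the ps listing.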

Power
07/10/2011, 16:59
Hi,

Today, mysteriously, the load on one of my servers, which runs cPanel, rose sharply to nearly 20.

cPanel sent me the usual report email so that I can analyze the cause.
But the thing is, I'm lost when it comes to the analysis.
Could anyone give me a hand in finding the reason for the overload?
I'd like to know how to analyze these reports for future occasions.

The data cPanel sent me is:

ps.txt
Code:
Output from ps:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 10364 620 ? Ss Sep18 0:09 init [3]
root 75 0.0 0.0 100 12 ? S Sep18 0:12 [init-logger]
root 123 0.0 0.0 12632 324 ? S
root 12800 0.0 0.5 144444 50264 ? Ss Oct03 0:30 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid --max-children=3 --max-spare=1
root 835 0.5 0.9 177584 77044 ? S 10:19 0:31 \_ spamd child
root 31976 0.0 0.2 88292 19292 ? Ss Oct06 0:01 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
root 11680 0.0 0.1 92032 11744 ? Ss Oct06 0:04 /usr/local/apache/bin/httpd -k start -DSSL
root 16767 0.0 0.0 48688 8232 ? S 11:04 0:00 \_ /usr/bin/perl /usr/local/cpanel/bin/leechprotect
root 16773 0.0 0.1 92032 8764 ? S 11:04 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 2456 0.0 0.1 93424 12432 ? S 11:47 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9073 32.8 0.1 164136 16452 ? R 12:00 0:43 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 4517 0.0 0.1 92664 11744 ? S 11:51 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9238 25.6 0.1 163880 16216 ? R 12:00 0:28 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 4837 0.0 0.1 92580 11680 ? S 11:51 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9349 22.7 0.1 163880 16196 ? R 12:00 0:21 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 6606 0.0 0.1 92452 11336 ? S 11:55 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9021 35.3 0.1 164136 16456 ? R 12:00 0:47 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 7089 0.0 0.1 92744 11716 ? S 11:57 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9343 22.7 0.1 163880 16196 ? R 12:00 0:21 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 7377 0.0 0.1 92552 11516 ? S 11:57 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9354 22.3 0.1 163624 16008 ? R 12:01 0:20 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 7378 0.0 0.1 92640 11676 ? S 11:57 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9351 22.5 0.1 163624 16008 ? R 12:01 0:20 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 8064 0.0 0.1 92320 11296 ? S 11:59 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9152 32.3 0.1 164136 16444 ? R 12:00 0:39 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 8114 0.0 0.1 92396 11236 ? S 11:59 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 8977 38.6 0.1 164136 16412 ? R 12:00 0:54 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 8256 0.0 0.1 92392 11252 ? S 11:59 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9003 36.8 0.1 164136 16456 ? R 12:00 0:50 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 8929 0.0 0.1 92864 11736 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9279 24.3 0.1 163880 16204 ? R 12:00 0:25 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9075 0.0 0.1 92164 10312 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9241 26.0 0.1 163880 16216 ? R 12:00 0:28 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9085 0.0 0.1 92312 11192 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9346 22.8 0.1 163624 16008 ? R 12:00 0:21 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9086 0.0 0.1 92164 10404 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9280 24.1 0.1 163880 16216 ? R 12:00 0:25 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9170 0.0 0.1 92340 11232 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9284 0.0 0.1 92300 11124 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9298 0.0 0.1 92784 11612 ? S 12:00 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9352 22.1 0.1 163624 16008 ? R 12:01 0:20 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9350 0.0 0.1 92280 11064 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9361 0.0 0.1 92340 11232 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9362 0.0 0.1 92632 11336 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9363 0.0 0.1 92300 10548 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9748 21.1 0.1 163368 15684 ? R 12:02 0:05 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9364 0.0 0.1 92164 10436 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
bbbbbbbb 9438 21.7 0.1 163624 15988 ? R 12:01 0:15 | \_ /usr/bin/php /home/bbbbbbbb/public_html/foro/index.php
nobody 9399 0.0 0.1 92412 11400 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9570 0.0 0.1 92168 10504 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
infofeni 9943 3.0 0.1 105592 12748 ? R 12:02 0:00 | \_ /usr/bin/php /home/infofeni/public_html/aaaaaaa.com/index.php
nobody 9573 0.0 0.1 92364 10548 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9574 0.0 0.1 92164 10436 ? S 12:01 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
nobody 9867 0.0 0.1 92228 10452 ? S 12:02 0:00 \_ /usr/local/apache/bin/httpd -k start -DSSL
root 31006 0.0 0.2 127672 22808 ? Ss 00:00 0:14 lfd - sleeping
root 9944 0.0 0.2 127672 21864 ? R 12:02 0:00 \_ lfd - (child) connection tracking...
root 9945 0.0 0.2 127672 21976 ? S 12:02 0:00 \_ lfd - (child) checking load...
root 9948 0.0 0.0 65740 996 ? R 12:02 0:00 | \_ /bin/ps axuf
root 9946 0.0 0.2 127672 22020 ? R 12:02 0:00 \_ lfd - (child) process tracking...
vmstat.txt
Code:
Output from vmstat:
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
  r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 20  0      0 6298084      0      0    0    0   281  1198    0    4 11  2 87  0  0
apachestatus.html
Code:
Apache Server Status for 127.0.0.1

Server Version: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Server Built: Sep 21 2011 12:14:15

Current Time: Friday, 07-Oct-2011 12:02:33 CEST
Restart Time: Thursday, 06-Oct-2011 23:00:25 CEST
Parent Server Generation: 7
Server uptime: 13 hours 2 minutes 8 seconds
Total accesses: 237131 - Total Traffic: 3.5 GB
CPU Usage: u.8 s1.25 cu107.19 cs0 - .233% CPU load
5.05 requests/sec - 79.2 kB/second - 15.7 kB/request
19 requests currently being processed, 8 idle workers

WWWWWWWWWWW__WWWWW_.___WW_.W_...................................
................................................................
................................................................
................................................................

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process

Srv    PID    Acc    M    CPU     SS    Req    Conn    Child    Slot    Client    VHost    Request
0-7    7089    0/73/14460    W     4.05    95    0    0.0    1.08    216.59     x.x.x.x    pppppp.com    GET /foro/index.php?action=recent HTTP/1.1
1-7    8114    0/41/14013    W     1.00    141    0    0.0    0.30    249.53     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
2-7    8064    0/74/14142    W     2.71    122    0    0.0    0.70    224.90     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
3-7    8929    0/35/14064    W     1.74    104    0    0.0    0.54    195.15     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
4-7    9075    0/18/12724    W     0.33    110    0    0.0    0.08    193.04     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
5-7    8256    0/20/13586    W     1.06    137    0    0.0    0.42    187.24     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
6-7    4517    0/134/12553    W     7.97    111    0    0.0    1.65    181.89     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
7-7    2456    0/272/12904    W     19.61    130    0    0.0    4.01    210.41     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
8-7    9085    0/24/12654    W     0.97    93    0    0.0    0.27    222.99     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
9-7    6606    0/153/11278    W     10.49    133    0    0.0    1.69    156.59     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
10-7    9086    0/10/12067    W     0.87    104    0    0.0    0.16    242.23     x.x.x.x    ppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
11-7    9170    0/74/10949    _     3.46    0    188    0.0    0.38    164.35     y.y.y.y    qqqqqqq.com    GET /toc.htm HTTP/1.0
12-7    9284    0/58/10277    _     4.21    2    0    0.0    0.25    144.75     z.z.z.z    qqqqqqqq.com    GET /favicon.ico HTTP/1.1
13-7    7377    0/136/9522    W     7.14    92    0    0.0    1.64    178.82     x.x.x.x    pppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
14-7    7378    0/120/8190    W     8.30    93    0    0.0    1.23    102.49     x.x.x.x    pppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
15-7    9570    0/34/8540    W     1.34    0    0    0.0    0.18    127.12     w.w.w.w    aaaaaaaa.net    GET / HTTP/1.1
16-7    4837    0/268/6733    W     15.54    93    0    0.0    3.47    97.56     x.x.x.x    pppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
17-7    9298    0/3/6621    W     0.00    92    0    0.0    0.05    106.00     x.x.x.x    pppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
18-7    9350    0/57/6158    _     2.60    1    283    0.0    0.26    78.17     v.v.v.v    bbbbbbbbb.com    GET / HTTP/1.1
19-7    -    0/0/4762    .     2.59    7    0    0.0    0.00    67.41     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
20-7    9867    0/12/4177    _     0.37    2    444    0.0    0.08    60.09     v.v.v.v    bbbbbbbbb.com    GET /admin/admin_pedidos.php?accion=Detalle&codigo_pedido=11092
21-7    9361    0/54/2879    _     2.40    2    1    0.0    0.20    45.50     v.v.v.v    bbbbbbbbb.com    GET /admin/images/rueda.jpg HTTP/1.1
22-7    9362    0/52/2720    _     3.53    2    89    0.0    0.76    30.39     v.v.v.v    bbbbbbbbb.com    GET /admin/admin_pedidos.php?accion=Actualizar%20Importes%20Ped
23-7    9363    0/32/2248    W     1.86    26    0    0.0    0.26    32.84     x.x.x.x    pppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
24-7    9364    0/11/1411    W     0.37    71    0    0.0    0.08    16.88     x.x.x.x    pppppppp.com    GET /foro/index.php?action=recent HTTP/1.1
25-7    9399    0/55/1444    _     2.27    0    876    0.0    0.54    16.62     m.m.m.m    ccccccc.net    GET /documentacion/cat_view/11-spengler/13-spengler-fonendoscop
26-7    -    0/0/987    .     0.82    38    0    0.0    0.00    9.92     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
27-7    9573    0/34/847    W     1.27    0    0    0.0    0.07    12.66     127.0.0.1    miservidor.com    GET /whm-server-status HTTP/1.1
28-7    9574    0/36/844    _     1.67    3    0    0.0    0.16    8.80     z.z.z.z    hhhhhhhh.com    GET /favicon.ico HTTP/1.1
29-6    -    0/0/637    .     3.85    9710    0    0.0    0.00    8.15     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
30-5    -    0/0/629    .     6.90    10416    0    0.0    0.00    7.34     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
31-5    -    0/0/646    .     1.27    10624    0    0.0    0.00    11.03     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
32-5    -    0/0/180    .     0.00    10658    0    0.0    0.00    3.53     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
33-2    -    0/0/233    .     0.00    25530    0    0.0    0.00    5.15     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
34-2    -    0/0/227    .     0.00    31774    150    0.0    0.00    3.52     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
35-2    -    0/0/235    .     0.00    31788    0    0.0    0.00    3.26     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
36-2    -    0/0/149    .     0.12    31785    0    0.0    0.00    1.76     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
37-2    -    0/0/80    .     0.00    31787    0    0.0    0.00    0.92     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
38-2    -    0/0/109    .     0.00    31790    0    0.0    0.00    1.60     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
39-2    -    0/0/96    .     0.43    31736    0    0.0    0.00    1.64     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
40-2    -    0/0/51    .     0.00    31779    41    0.0    0.00    0.87     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
41-2    -    0/0/67    .     0.14    31747    0    0.0    0.00    0.87     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
42-1    -    0/0/7    .     0.00    34068    0    0.0    0.00    0.05     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
43-1    -    0/0/31    .     1.12    34036    0    0.0    0.00    0.21     127.0.0.1    miservidor.com    OPTIONS * HTTP/1.0
Srv    Child Server number - generation
PID    OS process ID
Acc    Number of accesses this connection / this child / this slot
M    Mode of operation
CPU    CPU usage, number of seconds
SS    Seconds since beginning of most recent request
Req    Milliseconds required to process most recent request
Conn    Kilobytes transferred this connection
Child    Megabytes transferred this child
Slot    Total megabytes transferred this slot
SSL/TLS Session Cache Status:
cache type: DBM, maximum size: unlimited
current sessions: 5, current size: 780 bytes
average session size: 156 bytes
If anyone can give me a hand with this, I'd appreciate it.

Regards