How to know which site/script is taking all CPU and RAM in Plesk/apache

apache-2.2 ddos high-load
8,168

Which version of Apache are you using? mod_evasive pretty much stopped working for Apache 2.2+. Your first port of call will probably be looking at httpd status.

Just run

service httpd status

at a command line, and it'll give you a real time display of requests, by hostname and IP. You might be observing an attack (e.g. one where an attacker keeps a large number of connections open at the same time).

If that doesn't work, add these lines to your httpd.conf:

<Location /server-status>
   SetHandler server-status
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1
</Location>

Cyberciti has a good article on it. The next thing you could try would be

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The command below creates a list of IP addresses connected to the server, along with their total number of connections.

(paraphrased, from DDos Deflate). After running both of these, you begin to be able to see if you're under attack, or a single website is just consuming a disproportionate amount of CPU.

Share:
8,168
Farhan
Author by

Farhan

Updated on September 18, 2022

Comments

  • Farhan
    Farhan over 1 year

    I have more than 100+ domains on a CentOS Plesk server. Suddenly the load on the server goes very high and eats up all resources. eating up all RAM, all CPU , due to which i cannot even login to server to check that what is happening to server. I Tried to see the real-time Tail log of all sites, which did not showed anything like there is some external threat. Mod_Evasive has been installed on the server, which is also not blocking anything.

    My question is that how can i know that exactly which Domain/Site/Cron Job or anything in server is eating up all resources.

    Note: in the Htop utility, i can see that on top, its httpd which is eating all resources.

  • Ladadadada
    Ladadadada almost 12 years
    You probably also want ExtendedStatus On. The normal mod_status output doesn't tell you enough.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to find the count of Apache workers' at a given point for shared IPs?
mod_security configuration issue: Error parsing actions: Unknown action: ver
Where to find and how to block blacklisted IPs and proxies?
Can a DDoS attack stop me from SSH’ing into my server?
WHM/CPANEL - High cpu and memory usage from Analog Stats
Logging Timeout'd Request in Apache 2.X
How to configure mod_reqtimeout in Apache2
Stop DoS attacks with an IP tables rule?
Apache logs flooded with connections - "(via ggpht.com GoogleImageProxy)"
How to limit number of sessions?