Hi, Sorry, half-asleep. Dave Barton Senior Systems Administrator Comodo CA Ltd Tel: +44 (0) 1274 730505 Fax: +44 (0) 1274 730909 On 01/02/11 14:29, Igor GaliÄ wrote: > > ----- "Dave Barton" <dave.barton@xxxxxxxxxx> wrote: > >> Hi, >> >> To answer the questions from the other email first; >> >>>> Which version of WP? >>>> Did you make -- recently -- any changes? Upgrade, install new >> plugins? >>>> Did you traffic spontaneously increase? >> >> It's an old version (2.7) but I'm not sure how much of an option an >> upgrade is. I'll have to raise it with our developers. > > I don't see my questions actually answered :-/ > Did anything change? > > Or did you just suddenly start monitoring the system and realized > you've got a Nothing changed, but we did see a 12-14x increase in traffic to the site. Currently I'm not sure if this was caused by a malicious DDOS or some kind of micro-Slashdotting. It stopped after about 4 hours and the crazy subprocess spawning stopped as well. > >>>> Given the line-breaks it's *really* hard to read what you mean :-/ >> >> Sorry :( > > I would love to present to you the `ps -o` option. > Along with -u<apacheuser> they are powerful tools. I shall treasure them always. > > >>>> Are you running this in a Zone/Container/Jail/Vz/blah >> >> The WordPress installation is running as an Apache vhost on a Xen >> virtual machine. The VM is only used for Apache and doesn't run >> anything >> else (except stuff like ntpd and snmpd of course). > > As with any virtualization, I'd run ntpd on the Xen host only. Something else to look into, thanks :) > >> Other answers are in-line below. Thanks for trying to help me out! :) >> >> Dave >> >> On 31/01/11 18:28, Igor GaliÃâ wrote: >>> >>> ----- "Dave Barton" <dave.barton@xxxxxxxxxx> wrote: >>> >>>> Should really have included this; >>>> >>>> # apache2 -v >>>> Server version: Apache/2.2.14 (Unix) >>>> Server built: Jan 29 2010 12:34:06 >>>> >>>> # apache2ctl modules >>>> [Mon Jan 31 17:29:24 2011] [warn] module status_module is already >>>> loaded, skipping >>>> Loaded Modules: >>>> core_module (static) >>>> mpm_worker_module (static) >>>> http_module (static) >>>> so_module (static) >>>> alias_module (shared) >>>> auth_basic_module (shared) >>>> authn_alias_module (shared) >>>> authn_anon_module (shared) >>>> authn_default_module (shared) >>>> authn_file_module (shared) >>>> authz_groupfile_module (shared) >>> >>> Do you really need all these modules? >>> Take a look at: http://httpd.apache.org/docs/current/mod/ >>> To see which you can safely remove. >> >> Looking into that now, thanks for the tip. > Likewise you should probably look into what PHP extensions you're loading and which you're actually using. It seems fairly sane, but I can't guarantee that we're using everything we have loaded. > > >>> [snip] >>>> info_module (shared) >>>> >>>> # php -v >>>> PHP 5.2.12-pl0-gentoo (cli) (built: Jan 26 2010 16:48:31) >>>> Copyright (c) 1997-2009 The PHP Group >>>> Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies >>> >>> Are you running PHP with APC or a different accelerator? If not, >>> you should a) consider it, and b) be aware that WP has some issues >>> with these.. >> >> We're not running any accelerator with PHP. The traffic levels for >> this >> site are generally so low that it's not an issue and they can be more >> trouble than they are worth. > > My experience tends to be vice verse. I guess everyone is entitled to > their own opinion, given their experiences ;) > >>>> # uname -a >>>> Linux mcpweb2 2.6.31-xen-r10 #1 SMP Sat Nov 27 14:17:17 UTC 2010 > > duh. Should've seen it's Xen. > > Anyway. It >>>> x86_64 >>>> Intel(R) Xeon(R) CPU E5530 @ 2.40GHz GenuineIntel GNU/Linux >>>> >>>> If anything else is needed, please let me know. >>>> >>>> Cheers >>>> >>>> Dave Barton >>>> Senior Systems Administrator >>>> Comodo CA Ltd >>> >>> i > > i >
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
|