Abd El-Hameed Ayad wrote:
I have a CentOS 3.8 server which i manage for web hosting (web server,
mail server + database server). Today i got it down because of an
attack, here is the last snapshot of top command before server dies
09:47:30 up 21 days, 6:54, 1 user, load average: 363.88, 727.82, 253.42
3949 processes: 135 sleeping, 3800 running, 14 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 0.6% 0.0% 99.2% 0.0% 0.0% 0.0% 0.0%
cpu00 0.4% 0.0% 99.4% 0.0% 0.0% 0.0% 0.0%
cpu01 0.8% 0.0% 99.0% 0.0% 0.1% 0.0% 0.0%
Mem: 2055236k av, 1935836k used, 119400k free, 0k shrd, 188120k
buff
1286892k actv, 165568k in_d, 17336k in_c
Swap: 2040244k av, 22676k used, 2017568k free 901000k
cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
6515 root 19 0 10048 9.8M 2612 R 3.9 0.4 1:06 1 cpsrvd-ssl
7175 root 18 0 564 564 492 S 2.7 0.0 0:03 0
couriertcpd
10365 nobody 19 0 11020 10M 2352 R 2.5 0.5 0:08 0 httpd
1998 root 19 0 10724 10M 2140 R 2.4 0.5 3:02 1 httpd
10719 mailnull 19 0 1892 1892 1548 R 1.8 0.0 3:49 0 exim
7169 root 19 0 552 552 476 R 1.8 0.0 0:10 1
couriertcpd
29384 manmoud 25 0 380 380 308 R 1.0 0.0 0:01 0 2-4-21
26278 manmoud 24 0 420 420 308 R 0.9 0.0 0:01 1 2-4-21
26519 manmoud 25 0 420 420 308 R 0.9 0.0 0:01 1 2-4-21
26524 manmoud 25 0 424 424 308 R 0.9 0.0 0:01 1 2-4-21
29368 manmoud 25 0 412 412 308 R 0.9 0.0 0:01 1 2-4-21
25916 manmoud 24 0 388 388 308 R 0.8 0.0 0:01 0 2-4-21
25922 manmoud 25 0 388 388 308 R 0.8 0.0 0:01 0 2-4-21
Clearly, the user manmod caused this huge load.
Are there any way to prevent such high load caused by any user on the
system except root??
I would really recommend you to use monitoring on this server, I
personnaly use nagios wich does a very good job. You can set it up on
this specific server or on an external one.
thanx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos