High Apache Load Server Suspended
Holah
I have a VPS and already been suspended 3 times because of server abuse ..
I suspended the accounts, updated wordpress but the same problem arose again ..
The Server Specs are
2048MB RAM/4096MB BURST/4 Cores/120GB HDD/ the server is mostly populated by wordpress websites ..
Here are the logs from the DC
What can i do to prevent this from happening again ?
The CTID of 13706 is being suspended for reaching a load of 84.91 while only having the following allowed processors 4
18:10:10 up 4 days, 23:44, 0 users, load average: 84.91, 24.75, 9.14
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 19236 460 ? Ss Dec05 0:01 init
root 2 0.0 0.0 0 0 ? S Dec05 0:00 [kthreadd/13706]
root 3 0.0 0.0 0 0 ? S Dec05 0:00 [khelper/13706]
root 211 0.0 0.0 10644 212 ? S
root 13130 0.0 0.0 97032 1228 ? Ss 07:53 0:00 sshd: unknown [priv]
sshd 13131 0.0 0.0 68116 484 ? S 07:53 0:00 sshd: unknown [net]
nobody 13158 0.0 0.1 83016 2308 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13165 0.0 0.0 83016 1928 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13174 0.0 0.0 83016 1928 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13175 0.0 0.0 83016 1924 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13185 0.0 0.0 83016 1924 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13212 0.0 0.0 83016 1932 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13216 0.0 0.1 83016 2252 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13219 0.0 0.0 83016 1880 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13221 0.0 0.0 83016 1872 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13222 0.0 0.0 83016 1884 ? S 18:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root 13696 0.0 0.0 97032 1152 ? Ss 04:45 0:00 sshd: root [priv]
sshd 13697 0.0 0.0 68116 452 ? S 04:45 0:00 sshd: root [net]
nobody 13756 0.0 0.0 83016 1528 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13780 0.0 0.0 83016 1892 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13781 0.0 0.0 83016 1532 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13782 0.0 0.0 83016 1532 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13783 0.0 0.0 83016 1516 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13797 0.0 0.0 83016 1380 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13798 0.0 0.0 83016 1764 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13799 0.0 0.0 83016 1372 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13800 0.0 0.0 83016 1832 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13801 0.0 0.0 83016 1372 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13802 0.0 0.0 83016 1356 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13803 0.0 0.0 83016 1356 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13804 0.0 0.0 83016 1352 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13828 0.0 0.0 83016 1348 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13829 0.0 0.0 83016 1720 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13830 0.0 0.0 83016 1720 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13831 0.0 0.0 83016 1448 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13832 0.0 0.0 83016 1720 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13833 0.0 0.0 83016 1332 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13834 0.0 0.0 83016 1348 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13836 0.0 0.0 83016 1292 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13837 0.0 0.0 83016 1660 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13838 0.0 0.0 83016 1300 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13839 0.0 0.0 83016 1664 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13840 0.0 0.0 83016 1668 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13841 0.0 0.0 83016 1292 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13842 0.0 0.0 83016 1292 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13843 0.0 0.0 83016 1668 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13882 0.0 0.0 83016 1288 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13884 0.0 0.0 83016 1656 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13885 0.0 0.0 83016 1420 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13886 0.0 0.0 83016 1284 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13887 0.0 0.0 83016 1304 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13888 0.0 0.0 83016 1692 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13890 0.0 0.0 83016 1652 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13891 0.0 0.0 83016 1280 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13894 0.0 0.0 83016 1288 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13895 0.0 0.0 83016 1408 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13897 0.0 0.0 83016 1288 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13898 0.0 0.0 83016 1280 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13899 0.0 0.0 83016 1400 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13900 0.0 0.0 83016 1280 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13901 0.0 0.0 83016 1276 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13902 0.0 0.0 83016 1652 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13906 0.0 0.0 83016 1708 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13908 0.0 0.0 83016 1288 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13909 0.0 0.0 83016 1564 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 13927 0.0 0.0 83016 1220 ? S 18:08 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14035 1.6 0.8 413080 17760 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14045 1.6 0.6 413080 13412 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
root 14046 0.3 0.1 106056 2584 ? S 18:09 0:00 tailwatchd - chkservd
moose 14048 1.4 0.4 411648 10368 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14049 1.6 0.7 412560 15612 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14050 1.7 0.7 412624 16256 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14051 1.6 0.7 412564 15852 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14054 1.7 0.7 412560 16680 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14055 1.7 0.8 412832 16904 ? R 18:09 0:01 /usr/bin/php /home/moose/public_html/index.php
moose 14056 1.6 0.6 412560 14172 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14057 1.6 0.7 412560 15460 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14058 1.7 0.6 412836 13912 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14059 1.3 0.6 409228 14564 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14060 1.7 0.7 412304 15468 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14061 1.4 0.6 411648 14544 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14062 1.7 0.7 412624 16408 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14063 1.7 0.7 412560 15900 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14065 1.7 0.6 412560 14512 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14066 1.7 0.6 412560 14640 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14067 1.5 0.7 411336 16692 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14068 1.6 0.7 412304 16064 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14069 1.7 0.7 412844 15416 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14070 1.7 0.7 412832 14828 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14071 1.6 0.6 412560 12712 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14072 1.6 0.6 412560 14184 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14074 1.8 0.9 412560 20028 ? R 18:09 0:01 /usr/bin/php /home/moose/public_html/index.php
moose 14075 1.7 0.6 412560 13520 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14076 1.7 0.6 412560 14252 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14077 1.7 0.6 412560 14364 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14078 1.7 0.7 412560 16356 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14079 1.7 0.7 412564 15908 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14080 1.6 0.7 412560 15248 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14081 1.3 0.6 409736 13124 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14082 1.3 0.6 410364 13796 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14083 1.3 0.6 408700 13552 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14095 1.7 0.6 412624 14412 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14098 1.7 0.7 412560 14924 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14099 1.7 0.6 412560 14372 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14106 1.7 0.6 412804 14280 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14108 1.3 0.6 408700 14476 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14109 1.3 0.6 408952 14256 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14110 1.3 0.6 408700 13860 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14116 1.3 0.6 408444 14568 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14119 1.4 0.6 410364 13552 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14120 1.8 0.9 412300 19632 ? R 18:09 0:01 /usr/bin/php /home/moose/public_html/index.php
moose 14125 1.8 0.8 412560 17784 ? R 18:09 0:01 /usr/bin/php /home/moose/public_html/index.php
moose 14126 1.8 0.9 412580 19092 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14128 1.8 0.9 412040 19040 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14129 1.8 0.8 412300 17744 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14130 1.7 0.7 412548 14892 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14131 1.8 0.6 412560 14472 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14132 1.7 0.6 412560 13872 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14133 1.4 0.6 411648 14028 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14134 1.7 0.6 412560 14176 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14135 1.4 0.8 411648 17124 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14140 1.3 0.7 409208 15948 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14152 1.8 0.7 412304 16496 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14155 0.0 0.0 83016 1164 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14158 1.4 0.7 409212 14960 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14162 1.3 0.6 408952 14440 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14170 0.0 0.0 83016 1372 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14171 0.0 0.0 83016 1676 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14172 1.9 0.8 412040 18712 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14174 1.9 0.8 412572 17732 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14175 1.8 0.8 412560 16956 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14205 0.0 0.0 83016 1324 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14206 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14207 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14209 0.0 0.0 83016 1368 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14210 2.0 0.8 413080 17044 ? R 18:09 0:01 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14213 1.4 0.6 409464 14288 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14214 1.9 0.8 412040 17992 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14215 1.7 0.7 412028 15288 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14218 1.9 0.8 412560 17132 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14237 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14238 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14239 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14240 0.0 0.0 83016 1128 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14241 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14242 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14243 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14244 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14248 1.8 0.7 412304 14984 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14249 1.6 0.5 411648 11648 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14250 1.8 0.6 412560 13460 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14251 1.9 0.6 412560 13868 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14252 1.9 0.7 412560 16372 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14253 1.8 0.7 412028 16312 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14254 1.9 0.6 412304 13724 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14255 1.8 0.6 412560 13892 ? D 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14260 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14261 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14262 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14263 0.0 0.0 83016 1484 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14264 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14265 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14266 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14267 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14268 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14269 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14270 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14271 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14272 0.0 0.0 83016 1640 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14273 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14274 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14275 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14276 1.8 0.5 412304 12264 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14277 1.9 0.6 412564 13544 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14278 1.9 0.7 412560 16140 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14279 1.9 0.6 412560 13600 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14280 1.9 0.6 412560 13708 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14281 1.8 0.6 412304 13284 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14282 1.9 0.6 412560 14080 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14283 1.9 0.6 412824 13468 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14284 1.9 0.6 412560 13808 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14294 1.9 0.6 413080 14208 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14316 2.2 0.6 413080 13628 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14330 1.8 0.6 410880 13064 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
nobody 14333 0.0 0.0 83016 1120 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14342 2.2 0.7 411648 15132 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14343 1.9 0.6 410108 13408 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14345 1.9 0.7 409212 15016 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14346 1.8 0.6 409220 13300 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14347 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14348 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14349 1.8 0.6 409216 12848 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14350 1.8 0.6 409208 13792 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14351 1.3 0.6 404168 14468 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14357 0.0 0.0 83016 1112 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14358 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14359 0.0 0.0 83016 1128 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14360 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14362 1.8 0.7 409220 15148 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14363 1.8 0.6 410108 13736 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14364 1.8 0.6 409912 14272 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14365 2.0 0.5 411648 12100 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14371 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14372 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14373 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14374 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14375 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14376 0.0 0.0 83016 1124 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14378 0.0 0.0 83016 1116 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14379 0.0 0.0 83016 1104 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14395 1.9 0.7 408964 15172 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14396 2.1 0.7 410364 15352 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14397 2.0 0.8 410364 18828 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14398 1.9 0.8 408956 17056 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14399 2.1 0.9 410620 19908 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14400 1.9 0.9 408456 20692 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14401 2.2 0.8 411648 18632 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14402 2.1 0.7 411648 15964 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14403 0.0 0.0 83016 1128 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14405 0.8 0.7 397820 16512 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14406 0.0 0.0 83016 1292 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14407 0.0 0.0 83016 1288 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14411 2.1 0.9 410108 20648 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14412 2.0 0.9 409208 19328 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14415 0.0 0.0 83016 1340 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14417 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14418 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14419 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14423 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14424 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14425 2.3 0.9 411648 19192 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14427 2.2 0.9 410364 20176 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14428 2.2 1.0 410364 21152 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14429 2.2 1.0 410168 20976 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
nobody 14430 0.0 0.0 83016 1352 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14431 0.0 0.0 83016 1344 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14432 0.0 0.0 83016 1344 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14433 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14434 0.0 0.0 83016 1348 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14435 0.0 0.0 83016 1344 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14438 2.2 0.8 410620 18392 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14439 2.3 1.0 411648 21488 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14440 2.2 1.0 410368 21320 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/wp-login.php
moose 14441 2.2 0.9 409852 19604 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14442 2.2 1.0 411648 21328 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14443 2.1 0.8 409220 18524 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14444 2.2 0.9 411648 19104 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14446 2.2 0.9 410364 19092 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14451 0.0 0.0 83016 1344 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14452 0.0 0.0 83016 1344 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14453 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14454 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14455 0.0 0.0 83016 1348 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14456 0.0 0.0 83016 1340 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14457 0.0 0.0 83016 1336 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14458 0.0 0.0 83016 1424 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14459 0.0 0.0 83016 1268 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14460 0.0 0.0 83016 1268 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14461 0.0 0.0 83016 1260 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14463 0.0 0.0 83016 1412 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14464 0.0 0.0 83016 1260 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14465 0.0 0.0 83016 1268 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14466 0.0 0.0 83016 1260 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14467 0.0 0.0 83016 1040 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14471 2.3 0.9 409852 19384 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14472 2.3 0.7 410364 15416 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14473 2.2 0.9 409220 19060 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14474 2.3 1.0 409212 21488 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14475 2.4 0.8 410620 17796 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14476 2.4 0.8 410620 17408 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14477 2.4 0.9 411648 19992 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14478 2.5 0.9 411648 20436 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14479 2.3 0.8 409208 18172 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14480 2.3 0.8 410364 18248 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14481 2.3 0.7 408952 16376 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14482 2.6 0.8 411648 18072 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14483 2.6 0.9 411260 19364 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14494 2.7 0.9 411312 20388 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14498 0.0 0.0 83016 992 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14501 2.5 0.9 411648 18996 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14503 0.0 0.0 83016 908 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14504 0.0 0.0 83016 920 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14505 2.5 0.8 410364 18452 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14515 3.1 1.1 412028 23904 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14516 2.8 1.0 411648 21072 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14525 0.0 0.0 83016 884 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14526 0.0 0.0 83016 892 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14527 0.1 0.1 83140 3512 ? R 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14528 0.0 0.0 83016 884 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14530 2.7 0.8 411648 18240 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14533 3.1 1.0 411784 22676 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14534 3.4 0.9 412560 20164 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14537 3.0 0.8 411568 18556 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
nobody 14545 0.0 0.0 83016 884 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14546 0.0 0.0 83016 796 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14547 0.0 0.0 83016 796 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14555 0.0 0.0 83016 1200 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14556 0.0 0.0 83016 1208 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 14557 0.0 0.0 83016 796 ? S 18:09 0:00 /usr/local/apache/bin/httpd -k start -DSSL
moose 14558 3.5 1.0 412028 21460 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14559 3.2 0.9 411568 19908 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14561 3.1 1.0 411648 21496 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14562 3.7 1.1 412560 24936 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14564 4.0 1.2 412560 25596 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
moose 14565 3.7 1.0 412564 21584 ? R 18:09 0:00 /usr/bin/php /home/moose/public_html/index.php
root 14581 0.1 0.2 157020 5708 ? S 18:09 0:00 lfd - (child) checking load...
ursurefi 14596 0.0 0.0 23084 1292 ? S 18:09 0:00 dovecot/imap
root 14609 0.9 0.4 78336 9364 ? R 18:09 0:00 cPhulkd - processor
root 14617 0.0 0.0 138204 1064 ? S 18:10 0:00 CROND
root 14618 0.0 0.0 138204 1064 ? S 18:10 0:00 CROND
munin 14620 0.0 0.0 106064 1196 ? Ss 18:10 0:00 /bin/sh /usr/local/cpanel/3rdparty/perl/514/bin/munin-cron
root 14621 0.0 0.0 106064 1200 ? Ss 18:10 0:00 /bin/sh -c /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1
root 14625 0.8 0.3 140252 7884 ? S 18:10 0:00 /usr/local/cpanel/bin/dcpumon
munin 14628 1.5 0.2 127880 6036 ? R 18:10 0:00 /usr/local/cpanel/3rdparty/perl/514/bin/perl /usr/local/cpanel/3rdparty/share/munin/munin-update
root 14630 1.1 0.2 31444 4344 ? R 18:10 0:00 /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/scripts/restartsrv_imap --check
root 14635 2.5 0.2 38832 5384 ? R 18:10 0:00 cPhulkd - processor
root 14636 3.0 0.0 13372 968 ? Rs 18:10 0:00 ps aux
ranmak 14722 0.0 0.0 23632 608 ? S 08:02 0:00 dovecot/imap
dovecot 15397 0.0 0.0 29700 784 ? S 08:07 0:04 dovecot/auth
root 16070 0.0 0.0 97032 488 ? Ss Dec09 0:00 sshd: unknown [priv]
sshd 16072 0.0 0.0 68116 320 ? S Dec09 0:00 sshd: unknown [net]
root 16408 0.0 0.0 97032 488 ? Ss 08:14 0:00 sshd: unknown [priv]
sshd 16409 0.0 0.0 68116 320 ? S 08:14 0:00 sshd: unknown [net]
root 20603 0.0 0.0 97032 488 ? Ss 05:23 0:00 sshd: unknown [priv]
sshd 20604 0.0 0.0 68116 320 ? S 05:23 0:00 sshd: unknown [net]
root 22189 0.0 0.0 97032 488 ? Ss Dec09 0:00 sshd: unknown [priv]
sshd 22190 0.0 0.0 68116 320 ? S Dec09 0:00 sshd: unknown [net]
root 23770 0.0 0.0 97032 488 ? Ss Dec09 0:00 sshd: unknown [priv]
sshd 23771 0.0 0.0 68116 320 ? S Dec09 0:00 sshd: unknown [net]
root 27788 0.0 0.0 97032 488 ? Ss 09:16 0:00 sshd: unknown [priv]
sshd 27789 0.0 0.0 68116 320 ? S 09:16 0:00 sshd: unknown [net]
root 29539 0.0 0.0 97032 488 ? Ss 09:25 0:00 sshd: unknown [priv]
sshd 29540 0.0 0.0 68116 320 ? S 09:25 0:00 sshd: unknown [net]
root 30582 0.0 0.0 97032 488 ? Ss 06:15 0:00 sshd: unknown [priv]
sshd 30583 0.0 0.0 68116 320 ? S 06:15 0:00 sshd: unknown [net]
webdesig 30705 0.0 0.0 23300 580 ? S 12:12 0:00 dovecot/imap
ursurefi 30995 0.0 0.0 23376 576 ? S 17:06 0:00 dovecot/imap
root 31175 0.0 0.0 80132 832 ? S 17:08 0:00 /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
root 31178 0.0 0.0 97032 488 ? Ss Dec09 0:00 sshd: unknown [priv]
sshd 31179 0.0 0.0 68116 320 ? S Dec09 0:00 sshd: unknown [net]
What can i do to prevent this from happening again ?
-
Hi Mbekezm, We run a fair few wordpress websites on a dedicated server but haven't ever had the processor usage go that high. I would have it a guess that either you have an issue with one of the plugins or someone is attempting to brute force access to the website. I personally have made a point of installing wordfence on all the wordpress sites I set up. Though it pushes the processor usage up slightly per site it will block IP's automatically after so many failed login attempts. The easiest way to catch it is to temporarily rename the public_html/wp-content/plugins directory and see whether the processor usage drops. If it does (if you haven't already) check your plugins are also up to date, then go through and disable the plugins and see if the processor usage drops. Thanks again 0 -
Hello :) The following thread is a good resource for troubleshooting high CPU usage or loads: Troubleshooting High Loads On Linux Systems Thank you. 0 -
After looking and searching for days i found a solution that seems to have solved the problem .. The problem was some ***** (very nasty word) from china were trying to brute force the wp-login.php file of wordpress, What i did was i added the the code below to modsecurity, and immediately it started kicking them out after 3 failed logins .. Server seems stable now .. # Start wp-login.php brute attack SecUploadDir /tmp SecTmpDir /tmp SecDataDir /tmp SecRequestBodyAccess On SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134 SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'IP address blocked for 20 minutes, more than 3 login attempts in 10 minutes.'" SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136" SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/600,id:5000137" SecRule ip:bf_counter "@gt 3" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=1200,setvar:ip.bf_counter=0" ErrorDocument 401 default # End wp-login.php brute attack 0 -
I am happy to see you were able to address the issue. Thank you for updating us with the outcome. 0
Please sign in to leave a comment.
Comments
4 comments