Need help in tracing httpd processes by nobody

DeepXP

• March 31, 2015 12:57

For past one week, 3-4 random nobody owned processes use 200-300% CPU usage each. I tried to trace it with the help of server support guys but looks like we are looking in the wrong direction. I thought, it might help me to trace the issues by getting views of cPanel forum members. Here are the details of server: CentOS 6.6 Apache 2.4.12 PHP 5.5.23 Using suPHP and MPM Event, have enabled OPCache in php.ini too. We managed to trace the site but not able to locate the exact file. lsof for that process ID reveals requests to few IPs but no file name. We cannot suspend the site as it's huge and cannot afford to lose the client. No improvement in traffic since past one week. Any kind of pointers would really help us.

• 

  DeepXP

  • April 01, 2015 01:00

  Ok, after digging deeper and tracing it manually via disabling multiple files, I fixed it. The issue was due to one of the faulty rewrite rules. This was the rule: RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example\.com [NC,OR] RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example1\.com [NC,OR] RewriteCond %{HTTP_REFERER} ^([^.]+.)*?example3\.com [NC,OR] RewriteRule .* " [F] ## STOP REFERRER SPAM ## Around 20 more such sites in the same pattern as above.

  0
• 

  JacobPerkins

  • April 01, 2015 04:06

  Thanks for reporting back the fix! Debugging httpd processes is all sorts of fun.

  0

Please sign in to leave a comment.