Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: ipnnn on November 01, 2016, 04:20:27 AM
-
Hi
I setup a my Wordpress website on vmware using sme9.1 on Dell PE730, I assigned 4core cup and 8GB ram for my server. At first day everything expected, but now cpu usage very hight and keep 90+%. by "top" command can see 300+ apache task running. This happened during no body view pages and really few page contents. I think i have to optimize apache configuration to avoid this abnormal status. can some body advise what should I do?
Below is top list.
top - 11:17:42 up 1:05, 1 user, load average: 90.74, 89.57, 85.34
Tasks: 389 total, 83 running, 306 sleeping, 0 stopped, 0 zombie
Cpu(s): 92.7%us, 7.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.1%hi, 0.2%si, 0.0%st
Mem: 8061100k total, 5562632k used, 2498468k free, 61672k buffers
Swap: 1048572k total, 0k used, 1048572k free, 380784k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
29904 apache 20 0 399m 31m 5380 R 5.3 0.4 0:17.49 httpd
427 apache 20 0 399m 31m 5352 R 5.0 0.4 0:12.89 httpd
428 apache 20 0 419m 43m 7552 R 5.0 0.5 0:13.97 httpd
564 apache 20 0 396m 28m 5352 R 5.0 0.4 0:14.23 httpd
1156 apache 20 0 399m 31m 5344 R 5.0 0.4 0:11.88 httpd
1487 apache 20 0 400m 31m 5344 R 5.0 0.4 0:11.79 httpd
2916 apache 20 0 419m 43m 7504 R 5.0 0.5 0:09.20 httpd
29573 apache 20 0 387m 19m 5376 R 5.0 0.3 0:18.71 httpd
32112 apache 20 0 419m 43m 7512 S 5.0 0.5 0:15.01 httpd
32710 apache 20 0 398m 31m 5352 R 5.0 0.4 0:12.86 httpd
519 apache 20 0 419m 43m 7532 R 4.6 0.5 0:13.49 httpd
1786 apache 20 0 399m 31m 5352 S 4.6 0.4 0:10.71 httpd
2075 clamav 20 0 499m 348m 2384 R 4.6 4.4 0:18.43 clamd
2248 apache 20 0 419m 42m 7508 R 4.6 0.5 0:10.29 httpd
28584 apache 20 0 405m 38m 5352 S 4.6 0.5 0:21.46 httpd
31552 apache 20 0 399m 31m 5352 R 4.6 0.4 0:15.82 httpd
31894 apache 20 0 406m 38m 5356 S 4.6 0.5 0:14.52 httpd
32005 apache 20 0 419m 43m 7516 R 4.6 0.6 0:14.38 httpd
32020 apache 20 0 400m 31m 5352 R 4.6 0.4 0:15.33 httpd
32136 apache 20 0 419m 43m 7516 S 4.6 0.6 0:11.62 httpd
32487 apache 20 0 419m 43m 7512 R 4.6 0.5 0:13.90 httpd
32586 apache 20 0 419m 43m 7508 S 4.6 0.5 0:13.03 httpd
1080 apache 20 0 394m 26m 5444 R 4.3 0.3 0:11.51 httpd
1292 apache 20 0 403m 35m 5352 R 4.3 0.5 0:12.31 httpd
1846 apache 20 0 419m 43m 7508 R 4.3 0.6 0:10.28 httpd
2373 apache 20 0 419m 43m 7508 R 4.3 0.5 0:10.49 httpd
28319 apache 20 0 399m 31m 5364 S 4.3 0.4 0:20.44 httpd
30289 apache 20 0 393m 26m 5364 R 4.3 0.3 0:18.54 httpd
32297 apache 20 0 418m 42m 7528 R 4.3 0.5 0:12.48 httpd
32754 apache 20 0 399m 31m 5348 S 4.3 0.4 0:11.90 httpd
26783 apache 20 0 418m 41m 7252 R 4.0 0.5 0:21.80 httpd
28564 apache 20 0 404m 36m 5352 R 4.0 0.5 0:19.04 httpd
28565 apache 20 0 405m 38m 5352 S 4.0 0.5 0:20.02 httpd
29451 apache 20 0 419m 43m 7508 R 4.0 0.5 0:15.44 httpd
29733 apache 20 0 419m 42m 7516 S 4.0 0.5 0:18.62 httpd
29885 apache 20 0 419m 43m 7512 R 4.0 0.5 0:15.91 httpd
30092 apache 20 0 403m 35m 5352 R 4.0 0.5 0:16.39 httpd
30443 apache 20 0 397m 30m 5468 R 4.0 0.4 0:16.97 httpd
30577 apache 20 0 419m 43m 7596 R 4.0 0.6 0:16.15 httpd
30797 apache 20 0 419m 42m 7520 R 4.0 0.5 0:15.39 httpd
31325 apache 20 0 419m 42m 7512 S 4.0 0.5 0:14.18 httpd
31388 apache 20 0 419m 43m 7516 R 4.0 0.5 0:15.70 httpd
31477 apache 20 0 419m 43m 7620 R 4.0 0.6 0:14.39 httpd
31537 apache 20 0 404m 35m 5364 R 4.0 0.5 0:15.97 httpd
31609 apache 20 0 419m 43m 7544 R 4.0 0.5 0:17.36 httpd
31632 apache 20 0 405m 38m 5352 S 4.0 0.5 0:12.90 httpd
32694 apache 20 0 419m 42m 7512 R 4.0 0.5 0:13.34 httpd
32709 apache 20 0 419m 43m 7540 R 4.0 0.5 0:14.33 httpd
353 apache 20 0 419m 42m 7572 R 3.6 0.5 0:13.99 httpd
405 apache 20 0 419m 43m 7516 S 3.6 0.5 0:14.15 httpd
488 apache 20 0 419m 42m 7248 S 3.6 0.5 0:13.67 httpd
582 apache 20 0 419m 43m 7512 S 3.6 0.5 0:13.19 httpd
1406 apache 20 0 419m 43m 7544 R 3.6 0.6 0:11.86 httpd
1753 apache 20 0 419m 43m 7524 S 3.6 0.5 0:11.96 httpd
4682 apache 20 0 403m 35m 5452 R 3.6 0.5 0:07.80 httpd
4903 apache 20 0 419m 42m 7540 R 3.6 0.5 0:06.38 httpd
4995 apache 20 0 404m 37m 5340 R 3.6 0.5 0:06.52 httpd
-
check the IP address that are accessing your web site
something is real strange with so many httpd running your in your log files to see if there is some strange IP address accessing your web site
Also telling us what your network lay out is the more information we have the more we can help
hope some one else will step in and shine some more light on this problem
-
Hi
I setup a my Wordpress website...
How did you do that exactly?
-
OT in this section, moving to contribs
-
in the main folder of wordpress there's a xmlrpc.php file which is often used to brute force attacks..
to mitigate:
- in .htaccess, add
<Files "xmlrpc.php">
Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
</Files>
- install fail2ban contrib (https://wiki.contribs.org/Fail2ban)
-
How did you do that exactly?
1. upload wordpress folder.
2. create mysql account for wordpress
3. follow instruction of wordpress installation fill in info.
4. done.
-
in the main folder of wordpress there's a xmlrpc.php file which is often used to brute force attacks..
to mitigate:
- in .htaccess, add
<Files "xmlrpc.php">
Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
</Files>
- install fail2ban contrib (https://wiki.contribs.org/Fail2ban)
Could you give some detail about .htaccess please.
-
check the IP address that are accessing your web site
something is real strange with so many httpd running your in your log files to see if there is some strange IP address accessing your web site
Also telling us what your network lay out is the more information we have the more we can help
hope some one else will step in and shine some more light on this problem
Thanks for your info. in http access log I saw too many access from a Russia IP address to /xmlrpc.php.
I remove read right for public of this file. now cpu calm down. but I don't think this is right way to solved this problem.
-
Thanks for your info. in http access log I saw too many access from a Russia IP address to /xmlrpc.php.
I remove read right for public of this file. now cpu calm down. but I don't think this is right way to solved this problem.
no, it is the right way if you have not any external app that need to authenticate on WP..
the reason of the high load is that each call to xmlrpc.php is an authentication request, which involves mysql too
in the recent past I had some servers that under this kind of attack were totally unresponsive..
-
I look after about 20 Wordpress sites and since using the Wordfence plugin (the free version) I am finding that things are very much quieter.
-
I'd agree.. but I prefer not to add plugins if I can, because they are code and they might be bugged :-)
a rule in .htaccess is quite fast to apply.. I also forgot to say that many wordpress sites of mine have wp-admin dir protected by apache auth, so anyone trying to access them (without the credential) will be locked by fail2ban after 3 temptatives..
-
Time to consolidate these security tips on the wiki :-)