php-fpm HIGH CPU load on Debian 8.2

Discussion in 'HOWTO-Related Questions' started by Lucav87, Dec 15, 2015.

  1. Lucav87

    Lucav87 New Member HowtoForge Supporter

    Hello,
    I have a DigitalOcean droplet with Debian 8.2 and ispconfig 3.. (2 core and 4GB of RAM)
    I have a problem with php - fpm.. CPU goes to 99% exponentially increasing the load average (it arrives until 3/4.00) and then all the website slows down. I really don't know what to try to do! some screenshots in the attachment

    PS: I add one screenshot of xcache admin...

    it's a very big problem :(

    Thanks!
    Luca
     

    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the access.log of that website, you find it in the log folder of this site. Maybe someone is just attacking your site (DOS) or there is just a lot of traffic on that site. It might also be that the site has been hacked and that a malicious script is running there now like a irc bot or a spam sending script.
     
  3. Lucav87

    Lucav87 New Member HowtoForge Supporter

    Hello, thanks for your reply..
    I'm checking the logs but I don't understand much..
    The site is less than 1,000 visits a day
    How can I see if the site has been hacked?
    Thanks
     
    Last edited: Dec 16, 2015
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. Lucav87

    Lucav87 New Member HowtoForge Supporter

    Code:
    Please enter scan key (or TRIAL if you have none, yet): trial
    Please enter path to scan: /var/www/site.it/web
    Starting malware scan.
    This can take a long, long time depending on the server hardware and the amount of files ...
    
    !!! DO NOT INTERRUPT THE SCRIPT !!!!
    After the scan is completed, you will find the results also in the following files:
    Malware => /tmp/found_malware_20151612094600.txt
    Wordpress       => /tmp/software_wordpress_20151612094600.txt
    Joomla  => /tmp/software_joomla_20151612094600.txt
    Drupal  => /tmp/software_drupal_20151612094600.txt
    Mediawiki       => /tmp/software_mediawiki_20151612094600.txt
    Contao  => /tmp/software_contao_20151612094600.txt
    Magentocommerce => /tmp/software_magentocommerce_20151612094600.txt
    Woltlab Burning Board   => /tmp/software_woltlab_burning_board_20151612094600.txt
    Cms Made Simple => /tmp/software_cms_made_simple_20151612094600.txt
    Starting scan level 1 ...
    Scanning 33228 files now ...
    Scan level 1 completed. 0 hits.
    Starting scan level 2 ...
    Scanning 5851 files now ...
    Scan level 2 completed. 0 hits.
    ================================
    Found 0 malware file(s)
    ================================
    ================================
    Starting Wordpress check. This could take a while ...
    Most decent version(s): 4.4
    Wordpress check found 0 current and 0 outdated versions.
    ================================
    Starting Joomla check. This could take a while ...
    Most decent version(s): 2.5.28, 3.1.3, 3.2.7, 3.4.6
    Joomla check found 0 current and 0 outdated versions.
    ================================
    Starting Drupal check. This could take a while ...
    Most decent version(s): 6.37, 7.41, 8.0.1
    Drupal check found 0 current and 0 outdated versions.
    ================================
    Starting Mediawiki check. This could take a while ...
    Most decent version(s): 1.26.0
    Mediawiki check found 0 current and 0 outdated versions.
    ================================
    Starting Contao check. This could take a while ...
    Most decent version(s): 3.5.6, 4.1.0
    Contao check found 0 current and 0 outdated versions.
    ================================
    Starting Magentocommerce check. This could take a while ...
    Most decent version(s): 1.9.2.2, 2.0.0
    Magentocommerce check found 0 current and 0 outdated versions.
    ================================
    Starting Woltlab_burning_board check. This could take a while ...
    Most decent version(s): 3.1.8, 4.0.12, 4.1.8
    Woltlab Burning Board check found 0 current and 0 outdated versions.
    ================================
    Starting Cms_made_simple check. This could take a while ...
    Most decent version(s): 1.12.1, 2.1
    Cms Made Simple check found 0 current and 0 outdated versions.
    ================================
    [email protected]:/tmp#        
    see attachment :(
     

    Attached Files:

  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats god, so your site is most likely not infected. Did you try to use php-fcgi mode instead of php-fpm? Does the same happens with fcgi as well?
     
  7. Lucav87

    Lucav87 New Member HowtoForge Supporter

    hello,
    thanks for the reply, It is a production server and can not do these tests :(
    PS: I sent you PM
    Thanks!
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Off course you can do that in a production site, that's why ISPConfig contains this feature. The off time is the amount of time that apache needs to relaod the config which is about 1-2 seconds.

    I'am sorry, private support by PM falls under our business support plans. See ISPConfig support page if you like to get business support.
     

Share This Page