High CPU Load

P

poox

Verified User
Joined
Apr 24, 2006
Messages
12
I have one DirectAdmin system which hosts the majority of my customers data.

Normally this is a very solid system, and has had few problems with the exception of what I shall outline below.

The system is a GL380 with Centos 3.4

My system last night became unaccesable via SSH, my monitoring system SMSed me to say smtp pop etc were down, the HTTP login continued to work for about 30 mins then that was down as well.

The load was up to about 50.00, 50,00, 50,00 by then!

So I rang the data centre and got the box rebooted, all seemed fine till I woke up this morning to exactly the same problem.

As soon as the load starts to spike ssh does not connect leaving me with little to no way to diagnose the problem process and try to resolve what the hell is breaking my system :(

I would really appreciate any ideas or a pointer towards things to check/try.

Naturally I have already searched the forum but have found nothing relevant that I can see.

Is this just a Linux problem? am I being attacked? does one of my customers have a dodgy script? is it a version issue with one of the components? help!
 
You will have to look at logs of your server to figure out what is going on. Also you can use the command "top" to watch processes using the most resources so you will know what is happening.
 
When you system sudennly raise the load it may be hacked or somebody is just spamming ... Try from SSH :


1. top
2. ps aux
3. read the logs



Thanks.
 
Progress but no fix yet!

I caught the offender, it is named !

ps aux |grep named

named 1463 0.1 1.2 52900 6508 ? D 01:58 1:01 /usr/sbin/named -u named

Notice this process is in state D! meaning I cant restart it..

I understand this is IO related, could be a hardware problem but I was wondering if anyone had any ideas?

Centos 3.x & Bind 9.2.4(latest release for rhel3)
 
You cant kill a process in state D, not even kill -9 works, the only fix currently is to reboot the system.
 
What version of bind are you running?

Also is anyone able to do recursive lookups to your dns servers?

Regards
 
Bind 9.2.4 (stable current for Centos/RHEL3)

Yes, currently my server still allows recursive look ups, yes I am aware of the security issues this presents, no I do not think I am being ddosed or DNS attacked because I have no increase in traffic in/out, I might be wrong though!
 
You must log in or register to reply here.
Back
Top