Need urgent help!

tubcan (New member; joined Mar 23, 2005; messages: 4)
I'm a total newbie at this (yeah, what a shame). I've had a box for 21 days.

I only have 2 sites: one is a completely HTML site and the 2nd is a PHP-MySQL one with high traffic.

However, my load avg. was between 0.52 and up to 2 max.

Last night, the server went crazy and the load went to 40.
After several reboots the server slowed down a bit, but again it jumped to 36, 33, 19.8,
and it's slow and freezes, etc.

I called my support, since supposedly I'm on managed services, but they couldn't do me any good.

However, top says:

06:19:03 up 6:42, 1 user, load average: 36.16, 32.40, 21.82
308 processes: 305 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 97.9% 0.0% 1.4% 0.5% 0.0% 0.0% 0.0%
Mem: 495808k av, 489924k used, 5884k free, 0k shrd, 2516k buff
375216k actv, 70496k in_d, 6884k in_c
Swap: 1052248k av, 1009084k used, 43164k free 24000k cached

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
3482 root 15 0 2700 160 80 S 99.9 0.0 255:09 0 httpd
5 root 15 0 0 0 0 SW 0.8 0.0 0:20 0 kswapd
23594 root 16 0 1472 1472 836 R 0.3 0.2 0:00 0 top
1 root 15 0 100 64 44 S 0.0 0.0 0:03 0 init
2 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 keventd
3 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kapmd
4 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd/0
7 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 bdflush
6 root 15 0 0 0 0 SW 0.0 0.0 0:15 0 kscand
8 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kupdated
9 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 mdrecoveryd
13 root 15 0 0 0 0 SW 0.0 0.0 0:02 0 kjournald
480 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
482 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 loop0
994 root 15 0 240 216 156 S 0.0 0.0 0:00 0 syslogd
998 root 23 0 60 4 0 S 0.0 0.0 0:00 0 klogd
1026 root 24 0 56 4 0 S 0.0 0.0 0:00 0 apmd
1037 root 15 0 308 144 60 S 0.0 0.0 0:00 0 sshd
1052 root 23 0 116 4 0 S 0.0 0.0 0:00 0 xinetd
1061 root 15 0 132 56 40 S 0.0 0.0 0:00 0 da-popb4smtp
1070 nobody 15 0 388 88 72 S 0.0 0.0 0:00 0 directadmin
1084 mail 15 0 324 76 0 S 0.0 0.0 0:00 0 exim
1112 ftp 15 0 508 236 136 S 0.0 0.0 0:00 0 proftpd
1122 root 25 0 80 4 0 S 0.0 0.0 0:00 0 vm-pop3d
1144 root 15 0 172 152 96 S 0.0 0.0 0:00 0 crond
1151 root 25 0 136 4 0 S 0.0 0.0 0:00 0 mysqld_safe
1169 daemon 15 0 68 36 0 S 0.0 0.0 0:00 0 atd
1182 mysql 15 0 35812 11M 1148 S 0.0 2.2 0:10 0 mysqld

After the reboots, Apache failed to restart or reload. However, the guy from tech support said:
"I've got Apache running. I had to turn off the php admin flags etc.; you need to check the www.directadmin.com forums for more information on how this works correctly"

The problem is, nothing is working correctly: all of my website is giving me 'Internal Server Error', and any scripts such as webmail or phpMyAdmin are giving me a PHP code page instead.

My server is officially dead now. I wonder if anyone can help (it will be greatly appreciated).
 
CentOS 3.4

The box has these specs:

Sempron 2600
512 RAM
80 HDD

I've been running the box since Mar. 02 with only 1 site on it.
The site is PHP-MySQL driven; the site's daily avg. statistics would be:
- 2000~3000 daily visits
- 40k~50k page views
 
Didn't get slashdot'ed, did you? :)

I notice that httpd is running max'ed but not the mysqld.

Why am I thinking a ping attack or other DDOS attack was made?

Anything in the httpd logs?

-drmike
 
Thanks, drmike.

Yes, I do believe that I've got a DoS or ping attack, as it doesn't make sense that MySQL usage isn't that big while httpd is too much like that (speaking of a PHP-MySQL site).

And I've checked the httpd logs many times and didn't find any abnormal things.

However, I took the site offline and put up a 'coming soon' page instead.

Then the load went down to zeros.
Also, I checked and found that on the night all the troubles started, my number of visits jumped from a 2000 avg. to 6000.

I'm not sure if all these factors would make such high load numbers or not?
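One way to check the access log for the pattern discussed above (a few clients producing most of the requests, versus a broad rise in visitors), as an added example that is not from any poster in the thread. It assumes Apache Common Log Format; the sample lines, the documentation-range IPs and the 30-requests-per-minute threshold are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def build_sample():
    """Constructed sample log (not real data): one noisy client, two normal ones."""
    lines = [f'203.0.113.7 - - [22/Mar/2005:23:10:{s:02d} -0500] '
             f'"GET /index.php HTTP/1.1" 200 5120' for s in range(45)]
    lines += [f'198.51.100.20 - - [22/Mar/2005:23:1{m}:05 -0500] '
              f'"GET /page{m}.php HTTP/1.1" 200 4096' for m in range(3)]
    lines += ['192.0.2.55 - - [22/Mar/2005:23:11:30 -0500] "GET / HTTP/1.0" 200 900',
              '192.0.2.55 - - [22/Mar/2005:23:14:02 -0500] "GET /a.php HTTP/1.0" 200 900',
              'truncated or malformed line']  # skipped by the parser
    return lines

def parse(lines):
    """Yield (client_ip, minute_bucket) for every well-formed line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            # '22/Mar/2005:23:10:01 -0500'[:17] -> '22/Mar/2005:23:10'
            yield m.group(1), m.group(2)[:17]

def summarize(lines, per_minute_limit=30):
    """Per client: total hits, share of all traffic, and busiest single minute."""
    per_ip, per_ip_minute = Counter(), Counter()
    for ip, minute in parse(lines):
        per_ip[ip] += 1
        per_ip_minute[(ip, minute)] += 1
    total = sum(per_ip.values())
    peak = {}
    for (ip, _minute), n in per_ip_minute.items():
        peak[ip] = max(peak.get(ip, 0), n)
    return [{"ip": ip, "hits": hits, "share": hits / total,
             "peak_per_min": peak[ip], "flagged": peak[ip] > per_minute_limit}
            for ip, hits in per_ip.most_common()]

if __name__ == "__main__":
    for row in summarize(build_sample()):
        print(f'{row["ip"]:<15} hits={row["hits"]:<4} share={row["share"]:.0%} '
              f'peak/min={row["peak_per_min"]:<3} {"FLAG" if row["flagged"] else ""}')
```

If no single client stands out and the shares are spread evenly, the jump is more likely a general traffic increase than a flood from a few sources.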
 
tubcan said:
I'm not sure if all these factors would make such high load numbers or not?

If it's pulling a huge amount of web pages (or trying to at least), it'll run Apache off the scale.

I'm guessing that you don't have a firewall installed? May I suggest installing APF and turning antidos on within it. That way attacks get dropped into the deny file and hopefully won't cause the issue again. :)

-drmike
 
Well, no, I don't have a firewall.

I was thinking of installing mod_dosevasive but I can't, coz my great host has denied my access to both php.ini and the Apache directory (as supposedly fully managed).

But yeah, thank you, I think I'll try it out and tell ya what I've done.

cheers
 
You're on your own box and you can't edit php.ini and apache? I'm guessing that he won't let you install a firewall either.

Let me guess. He's probably also charging you a couple hundred for it as well, right?

My suggestion is to wave 'bye-bye' and go find a real host. I've had hosts like that and they're nothing but trouble.

You could probably turn off ping but without a firewall in place, it could still be an issue. (i.e. the attempts could still be made.)

-drmike
 