Server load spikes.

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
Post Reply
sebas
Forum User
Forum User
Posts: 85
Joined: Thu Feb 12, 2009 8:53 pm
Location: Mexico
Contact:
Contact sebas

Server load spikes.

Unread post by sebas »

Our server has been having a hard time, with load spikes. As you can see in the following graphs.

Image
Image
Image
Image

What I usually need to do to get it back to normal is to stop apache.

I found this in the ASL log.

Code: Select all

20 October
06:40:09	www	7	60205		www mod_evasive[796]: Blacklisting address 201.141.244.160: possible DoS attack.
04:32:56	www	7	60205		www mod_evasive[11851]: Blacklisting address 74.6.18.237: possible DoS attack.

19 October
21:10:55	www	7	60205		www mod_evasive[13190]: Blacklisting address 189.143.86.107: possible DoS attack.
19:30:43	www	7	60205		www mod_evasive[13664]: Blacklisting address 189.253.79.73: possible DoS attack.
16:32:33	www	7	60205		www mod_evasive[9704]: Blacklisting address 201.131.56.250: possible DoS attack.
13:28:31	www	7	60205		www mod_evasive[13006]: Blacklisting address 189.253.186.1: possible DoS attack.
13:13:00	www	7	60205		www mod_evasive[32279]: Blacklisting address 69.125.230.37: possible DoS attack.
11:38:48	www	7	60205		www mod_evasive[8650]: Blacklisting address 190.191.74.132: possible DoS attack.
09:21:14	www	7	60205		www mod_evasive[14685]: Blacklisting address 132.230.62.79: possible DoS attack.

18 October
22:17:38	www	7	60205		www mod_evasive[4411]: Blacklisting address 189.171.186.251: possible DoS attack.
22:08:21	www	7	60205		www mod_evasive[4209]: Blacklisting address 189.132.55.220: possible DoS attack.
21:59:30	www	7	60205		www mod_evasive[32265]: Blacklisting address 189.208.184.212: possible DoS attack.
20:36:45	www	7	60205		www mod_evasive[8424]: Blacklisting address 190.121.140.130: possible DoS attack.
20:09:07	www	7	60205		www mod_evasive[30880]: Blacklisting address 186.32.86.106: possible DoS attack.
19:56:55	www	7	60205		www mod_evasive[30418]: Blacklisting address 189.241.56.137: possible DoS attack.
19:22:41	www	7	60205		www mod_evasive[18156]: Blacklisting address 201.141.224.2: possible DoS attack.
17:08:16	www	7	60205		www mod_evasive[11126]: Blacklisting address 186.92.49.189: possible DoS attack.
16:31:54	www	7	60205		www mod_evasive[9954]: Blacklisting address 189.144.128.84: possible DoS attack.
15:18:12	www	7	60205		www mod_evasive[11110]: Blacklisting address 187.164.26.114: possible DoS attack.
11:54:41	www	7	60205		www mod_evasive[17820]: Blacklisting address 136.145.58.47: possible DoS attack.
11:29:11	www	7	60205		www mod_evasive[14421]: Blacklisting address 190.160.244.8: possible DoS attack.
10:12:53	www	7	60205		www mod_evasive[14939]: Blacklisting address 187.152.93.147: possible DoS attack.
10:12:33	www	7	60205		www mod_evasive[14934]: Blacklisting address 189.245.94.97: possible DoS attack.
05:52:29	www	7	60205		www mod_evasive[27494]: Blacklisting address 190.137.8.98: possible DoS attack.

17 October
08:39:21	www	7	60205		www mod_evasive[24780]: Blacklisting address 186.51.211.89: possible DoS attack.
08:13:03	www	7	60205		www mod_evasive[21874]: Blacklisting address 201.141.223.185: possible DoS attack.
07:37:24	www	7	60205		www mod_evasive[11237]: Blacklisting address 201.130.1.218: possible DoS attack.

16 October
23:30:53	www	7	60205		www mod_evasive[25916]: Blacklisting address 187.176.203.241: possible DoS attack.
23:10:10	www	7	60205		www mod_evasive[18057]: Blacklisting address 201.240.177.90: possible DoS attack.
21:43:52	www	7	60205		www mod_evasive[26759]: Blacklisting address 201.154.199.237: possible DoS attack.
20:21:51	www	7	60205		www mod_evasive[24160]: Blacklisting address 189.243.243.30: possible DoS attack.

13 October
06:51:59	www	7	60205		www mod_evasive[32431]: Blacklisting address 190.229.230.147: possible DoS attack.
From what I found this are not related to the spikes, al least the time of this DoS attacks and the time of the spike is not the same.

I also found this kind of stuff

Oct 17 06:50:44 www qmail-local-handlers[3858]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 07:02:04 www qmail-local-handlers[7884]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 08:01:11 www qmail-local-handlers[18807]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 08:06:22 www qmail-local-handlers[21346]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 11:48:20 www qmail-local-handlers[9868]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:16:52 www qmail-local-handlers[9065]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:17:24 www qmail-local-handlers[10206]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:27:24 www qmail-local-handlers[21158]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:34:13 www qmail-local-handlers[28853]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 14:21:08 www qmail-local-handlers[10988]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 14:34:46 www qmail-queue-handlers[24768]: LOG Internal error in handler '10-spf-MaQpi2'. Skip handler.
Oct 17 16:38:20 www qmail-local-handlers[1621]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 17:17:34 www qmail-local-handlers[6841]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 18:03:42 www qmail-queue-handlers[18830]: LOG Internal error in handler '10-spf-MaQpi2'. Skip handler.
Oct 17 18:18:44 www qmail-local-handlers[721]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.

which lead me to http://kb.parallels.com/6875 that says
When '/opt/psa/handlers/info/05-grey-KIMklQ/executable -> /opt/psa/handlers/hooks/grey' periodically starts, CPU usage skyrockets.
The following error is shown in maillog:

/usr/local/psa/var/log/maillog
--->8---
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: call_handlers: call executable = '/opt/psa/handlers/info/05-grey-KIMklQ/executable'
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: fork_execv_fd: Error occured during fork(): Cannot allocate memory
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: call_handlers: Error during call '/opt/psa/handlers/info/05-grey-KIMklQ/executable' handler
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: LOG Internal error in handler '05-grey-KIMklQ'. Skip handler.
---8<---
But this is for a diferent version that what I have installed.

Any ideas of what could be wrong? Ideas on possible fixes?

Thanks in advance.
CentOS release 6.5 (Final)
Plesk psa-11.5.30-cos6.build115130819.13
ASL 3.2.18-37
Linux 2.6.32-358.11.1.el6.x86_64
Top
Post Reply

Return to “General Help and Development Discussion”