What I usually need to do to get it back to normal is to stop apache.
I found this in the ASL log.
Code: Select all
20 October
06:40:09 www 7 60205 www mod_evasive[796]: Blacklisting address 201.141.244.160: possible DoS attack.
04:32:56 www 7 60205 www mod_evasive[11851]: Blacklisting address 74.6.18.237: possible DoS attack.
19 October
21:10:55 www 7 60205 www mod_evasive[13190]: Blacklisting address 189.143.86.107: possible DoS attack.
19:30:43 www 7 60205 www mod_evasive[13664]: Blacklisting address 189.253.79.73: possible DoS attack.
16:32:33 www 7 60205 www mod_evasive[9704]: Blacklisting address 201.131.56.250: possible DoS attack.
13:28:31 www 7 60205 www mod_evasive[13006]: Blacklisting address 189.253.186.1: possible DoS attack.
13:13:00 www 7 60205 www mod_evasive[32279]: Blacklisting address 69.125.230.37: possible DoS attack.
11:38:48 www 7 60205 www mod_evasive[8650]: Blacklisting address 190.191.74.132: possible DoS attack.
09:21:14 www 7 60205 www mod_evasive[14685]: Blacklisting address 132.230.62.79: possible DoS attack.
18 October
22:17:38 www 7 60205 www mod_evasive[4411]: Blacklisting address 189.171.186.251: possible DoS attack.
22:08:21 www 7 60205 www mod_evasive[4209]: Blacklisting address 189.132.55.220: possible DoS attack.
21:59:30 www 7 60205 www mod_evasive[32265]: Blacklisting address 189.208.184.212: possible DoS attack.
20:36:45 www 7 60205 www mod_evasive[8424]: Blacklisting address 190.121.140.130: possible DoS attack.
20:09:07 www 7 60205 www mod_evasive[30880]: Blacklisting address 186.32.86.106: possible DoS attack.
19:56:55 www 7 60205 www mod_evasive[30418]: Blacklisting address 189.241.56.137: possible DoS attack.
19:22:41 www 7 60205 www mod_evasive[18156]: Blacklisting address 201.141.224.2: possible DoS attack.
17:08:16 www 7 60205 www mod_evasive[11126]: Blacklisting address 186.92.49.189: possible DoS attack.
16:31:54 www 7 60205 www mod_evasive[9954]: Blacklisting address 189.144.128.84: possible DoS attack.
15:18:12 www 7 60205 www mod_evasive[11110]: Blacklisting address 187.164.26.114: possible DoS attack.
11:54:41 www 7 60205 www mod_evasive[17820]: Blacklisting address 136.145.58.47: possible DoS attack.
11:29:11 www 7 60205 www mod_evasive[14421]: Blacklisting address 190.160.244.8: possible DoS attack.
10:12:53 www 7 60205 www mod_evasive[14939]: Blacklisting address 187.152.93.147: possible DoS attack.
10:12:33 www 7 60205 www mod_evasive[14934]: Blacklisting address 189.245.94.97: possible DoS attack.
05:52:29 www 7 60205 www mod_evasive[27494]: Blacklisting address 190.137.8.98: possible DoS attack.
17 October
08:39:21 www 7 60205 www mod_evasive[24780]: Blacklisting address 186.51.211.89: possible DoS attack.
08:13:03 www 7 60205 www mod_evasive[21874]: Blacklisting address 201.141.223.185: possible DoS attack.
07:37:24 www 7 60205 www mod_evasive[11237]: Blacklisting address 201.130.1.218: possible DoS attack.
16 October
23:30:53 www 7 60205 www mod_evasive[25916]: Blacklisting address 187.176.203.241: possible DoS attack.
23:10:10 www 7 60205 www mod_evasive[18057]: Blacklisting address 201.240.177.90: possible DoS attack.
21:43:52 www 7 60205 www mod_evasive[26759]: Blacklisting address 201.154.199.237: possible DoS attack.
20:21:51 www 7 60205 www mod_evasive[24160]: Blacklisting address 189.243.243.30: possible DoS attack.
13 October
06:51:59 www 7 60205 www mod_evasive[32431]: Blacklisting address 190.229.230.147: possible DoS attack.
I also found this kind of stuff
Oct 17 06:50:44 www qmail-local-handlers[3858]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 07:02:04 www qmail-local-handlers[7884]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 08:01:11 www qmail-local-handlers[18807]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 08:06:22 www qmail-local-handlers[21346]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 11:48:20 www qmail-local-handlers[9868]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:16:52 www qmail-local-handlers[9065]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:17:24 www qmail-local-handlers[10206]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:27:24 www qmail-local-handlers[21158]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 12:34:13 www qmail-local-handlers[28853]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 14:21:08 www qmail-local-handlers[10988]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 14:34:46 www qmail-queue-handlers[24768]: LOG Internal error in handler '10-spf-MaQpi2'. Skip handler.
Oct 17 16:38:20 www qmail-local-handlers[1621]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 17:17:34 www qmail-local-handlers[6841]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
Oct 17 18:03:42 www qmail-queue-handlers[18830]: LOG Internal error in handler '10-spf-MaQpi2'. Skip handler.
Oct 17 18:18:44 www qmail-local-handlers[721]: LOG Internal error in handler '10-dd52-domainkeys-rPe4Po'. Skip handler.
which lead me to http://kb.parallels.com/6875 that says
But this is for a diferent version that what I have installed.When '/opt/psa/handlers/info/05-grey-KIMklQ/executable -> /opt/psa/handlers/hooks/grey' periodically starts, CPU usage skyrockets.
The following error is shown in maillog:
/usr/local/psa/var/log/maillog
--->8---
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: call_handlers: call executable = '/opt/psa/handlers/info/05-grey-KIMklQ/executable'
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: fork_execv_fd: Error occured during fork(): Cannot allocate memory
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: call_handlers: Error during call '/opt/psa/handlers/info/05-grey-KIMklQ/executable' handler
Oct 31 17:34:31 plesk qmail-queue-handlers[6091]: LOG Internal error in handler '05-grey-KIMklQ'. Skip handler.
---8<---
Any ideas of what could be wrong? Ideas on possible fixes?
Thanks in advance.