Attack HELP!

Posted: Mon Oct 27, 2014 12:06 pm
by jpkelly
I am getting attacked (or so it seems) and I am not quite sure what to do about it. Apache seems to become overwhelmed and unresponsive. Then apachectl commands give output such as the following:
/usr/sbin/apachectl: line 102: 8550 Segmentation fault $HTTPD $OPTIONS -k $ARGV
I have to manually kill httpd to get it working again.
When this "attack" happens I see a spike in root activity. I also see a lot of root sshd processes in top using ~100m of memory, and a lot of rsync processes as well.
Not sure how to approach this. Any ideas?
Thanks.

Re: Attack HELP!

Posted: Mon Oct 27, 2014 12:33 pm
by faris
What you describe may be terrible or may be benign. I'm not sure what to suggest really, but you have some experts on hand in the forum who will no doubt offer sensible advice.

You can often prevent apache overload by reducing max_clients in httpd.conf - you may need far fewer than you might imagine.

Other than that, maybe try some of the following in case it helps you to get a handle on things:

Use netstat (e.g. netstat -apvnl) to see what IPs might be connecting to port 22 (ssh) and make a note of them (this is assuming there are connections, which from your post might be the case).

Close sshd port 22 to all but your own IPs to start with, just in case (note that, depending on a few things, existing connections will not be stopped because they are not "state = new").

Check your ASL logs for the IP(s) in question to see if it helps you figure out where/how they got in.

Use clamdscan to scan first /var/www/vhosts then the whole system.
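As an added illustration of the netstat step above (not part of faris's reply, and not a tool from the forum), the script below parses `netstat -ant`-style output, counts established connections to local port 22 per remote address, and then flags any peer that is not on a list of your own IPs. The netstat sample is constructed; the allow-list IP and the function names are assumptions for the example.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output: a listener plus a few peers on port 22.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:22         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:22         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.44:40001        ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.99:33001        TIME_WAIT
tcp        0      0 203.0.113.10:22         192.0.2.44:40002        SYN_RECV'

# ssh_peers: read netstat output on stdin, print "count ip" for every remote
# address with an ESTABLISHED connection to local port 22, busiest first.
# The port is stripped after the last colon, so IPv4-mapped IPv6 forms work too.
ssh_peers() {
    awk '$1 == "tcp" && $4 ~ /:22$/ && $6 == "ESTABLISHED" {
             peer = $5; sub(/:[0-9]+$/, "", peer); peers[peer]++
         }
         END { for (ip in peers) printf "%d %s\n", peers[ip], ip }' | sort -rn
}

# unexpected_ssh_peers ALLOWED_IP...: same as ssh_peers but only prints peers
# that are NOT in the allow-list, i.e. the addresses to look up in your logs.
unexpected_ssh_peers() {
    allowed=" $* "
    ssh_peers | while read -r count ip; do
        case "$allowed" in
            *" $ip "*) ;;                      # one of our own hosts, skip
            *) printf '%s %s\n' "$count" "$ip" ;;
        esac
    done
}

# Stand-alone run over the constructed sample; on a live box use:
#   netstat -ant | unexpected_ssh_peers 192.0.2.44
echo "== all established ssh peers =="
printf '%s\n' "$SAMPLE_NETSTAT" | ssh_peers
echo "== peers not on the allow-list (192.0.2.44 is assumed to be ours) =="
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_ssh_peers 192.0.2.44
```

The SYN_RECV and TIME_WAIT rows are deliberately excluded so the count reflects sessions that actually completed, which is what you want before deciding which addresses to shut out.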