Guest Posted January 18, 2012

Well, my VPS has had a high load all day. I noticed a script using a meta refresh tag every 5 seconds; being accessed by a large number of clients, it generated a large volume of requests and left the server slow. Right, I removed the script, and nothing shows high usage in the Process Manager, yet the load stays high all day long. What can I do to identify and fix this problem? Can anyone help? I also found this.

Note: If this is the first time you received this mail, it contains the history for the entire month so far.
Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:14: * - people who deface because they can't root and think they're 1337
/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:15: * - idiots who add mail() to their shells so they can log your ownages
/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:16: * - idiots who add mail() to their shells so they can log your ownages and mess up the variables so it doesn't even work!
---
/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:6736: }
/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:6737: mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);
/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:6738: echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";
---

Guest Posted January 18, 2012

Optimize MySQL:
http://forum.portaldohost.com.br/topic/3997-como-otimizar-o-mysql/page__p__40253__hl__+optimizar%20+mysql__fromsearch__1#entry40253

Install Varnish or nginx:
http://forum.portaldohost.com.br/topic/1768-tutorial-melhore-a-performance-de-seu-vps/page__hl__%2Binstalar+%2Bnginx__fromsearch__1

Guest Posted January 18, 2012

It is set up like that, but the load is still high. I installed nginx and it seems to lock up at times; it comes back when I restart it! Another thing: what does nginx have to do with /dev/loop0 /var/tmp 18% (85,660 of 495,844)? I notice the folder growing constantly after installing nginx!

Service Version Status
clamd up
cpanellogd up
cpsrvd up
ftpd up
imap up
lfd up
named 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 up
nginx up
queueprocd up

System information
Server load 0.9 (3 CPUs)
Memory Used 30.07% (630,708 of 2,097,152)
Swap Used 0% (60 of 2,097,144)

Disk information
Device Mount point Usage
/dev/loop0 /var/tmp 18% (85,469 of 495,844)
/dev/sda1 / 17% (19,127,704 of 123,854,820)
/usr/tmpDSK /tmp 29% (134,252 of 495,844)

And look at this too!

Time: Wed Jan 18 14:53:44 2012 -0200
PID: 18653
Account: nobody
Uptime: 254 seconds
Executable: /usr/local/sbin/nginx
Command Line (often faked in exploits): nginx: worker process
Network connections by the process (if any):
Files open by the process (if any):
/dev/null
/dev/null
/var/log/nginx/error.log
/var/log/nginx/error.log
/var/log/nginx/vhost-error_log

Newton Posted January 18, 2012

Remember that streaming also consumes a lot of server resources! I speak from experience; I am seriously thinking about signing up for another VPS just for streaming.

Guest Posted January 18, 2012

No, I don't have streaming. Just hosting. See below :( Lots of nginx errors! The load is lower, but HTTP ends up with several bugs.

System information
Server load 4.22 (3 CPUs)
Memory Used 36.34% (762,052 of 2,097,152)
Swap Used 0% (60 of 2,097,144)

Disk information
Device Mount point Usage
/dev/loop0 /var/tmp 22% (101,111 of 495,844)
/dev/sda1 / 17% (19,127,704 of 123,854,820)
/usr/tmpDSK /tmp 29% (134,252 of 495,844)

Newton Posted January 18, 2012

Don't you have any client with a forum or something similar? Depending on the system, that consumes quite a lot too...

Guest Posted January 18, 2012

No, I don't, only WHMCS...

Rhuan Posted January 18, 2012

You have a shell uploaded on your server; they are trying to "root" your server. Delete the file: /home/zonemixc/public_html/painel/uploads/fotos/c99_.php

Guest Posted January 18, 2012

I noticed that! How can I find or scan for these things?

"You have a shell uploaded on your server; they are trying to "root" your server. Delete the file: /home/zonemixc/public_html/painel/uploads/fotos/c99_.php"

Rhuan Posted January 18, 2012

Now the saga of cleaning the server begins. It will be complicated if you have many accounts, but install mod_security and don't forget to define the rules; also enable open_basedir.

Edit: I noticed that ClamAV is installed. Run a scan with it, and search here on the forum for maldet; it is a tutorial by chuva.
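
The mail report in this thread flagged a PHP file sitting inside an image upload folder (painel/uploads/fotos). As an added example, not part of the thread or any poster's code, this bash script lists server-side script files under directories named "uploads" and ranks them by a simple heuristic; the function names, the pattern list and the demo tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage server-side scripts found inside upload directories.
# Assumption: directories named "uploads" should hold only static files.

# List script files (.php, .php5, .phtml, .phar) under any "uploads" directory.
scripts_in_uploads() {
    find "$1" -type f -path '*/uploads/*' \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -print 2>/dev/null | sort
}

# Count lines calling functions web shells commonly rely on (heuristic only;
# legitimate code uses them too, so a hit means "review", not "malicious").
suspicious_hits() {
    grep -Eci '(eval|system|passthru|shell_exec|proc_open|popen|base64_decode|mail)[[:space:]]*\(' "$1" || true
}

# Print "hits<TAB>path" for every script found, highest hit count first.
triage_uploads() {
    local f
    scripts_in_uploads "$1" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(suspicious_hits "$f")" "$f"
    done | sort -rn
}

# Build a constructed sample tree (not data from the thread) for a dry run.
make_demo_tree() {
    local d w
    d="$(mktemp -d)"; w="$d/home/demo/public_html"
    mkdir -p "$w/painel/uploads/fotos" "$w/inc"
    printf 'JFIF' > "$w/painel/uploads/fotos/photo1.jpg"
    printf '<?php\nmail($to, $s, $b);\neval(base64_decode($x));\n' > "$w/painel/uploads/fotos/shell_.php"
    printf '<?php echo "ok";\n' > "$w/painel/uploads/fotos/thumb.PHP5"
    printf '<?php mail($a, $b, $c);\n' > "$w/inc/contact.php"
    echo "$d"
}

# Usage: ./triage.sh /home   (scan a real tree); no argument runs the demo.
if [ "$#" -gt 0 ]; then
    triage_uploads "$1"
else
    demo="$(make_demo_tree)"; triage_uploads "$demo"; rm -rf "$demo"
fi
```

Any script listed under an upload folder deserves review even with zero hits, since the heuristic only looks at a handful of function names.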