Bem meu vps está com load alto o dia todo notei um script usando meta tag refresh de 5 em 5 segundos isso sendo acessado a um grande numero de clientes gerava uma grande montante de requisições deixando o servidor lento.

Certo removi o script não tem nada de uso alto no Process Manager mesmo assim continua alto o dia inteiro.

O que posso fazer para identificar e sanar este problema alguém ajuda?

Também encontrei isto.

Note: If this is the first time you received this mail, it contains the history for the entire month so far.

Below are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:14: *   - people who deface because they can't root and think they're 1337

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:15: *   - idiots who add mail() to their shells so they can log your ownages

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:16: *   - idiots who add mail() to their shells so they can log your ownages and mess up the variables so it doesn't even work!

---

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:6736:   }

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:6737:   mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php:6738:   echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";

---

Optimize o MySQL: http://forum.portaldohost.com.br/topic/3997-como-otimizar-o-mysql/page__p__40253__hl__+optimizar%20+mysql__fromsearch__1#entry40253

Instale o Varnish ou o nginx: http://forum.portaldohost.com.br/topic/1768-tutorial-melhore-a-performance-de-seu-vps/page__hl__%2Binstalar+%2Bnginx__fromsearch__1

Está assim mais continua alto instalei o ngnix e parece ele está aprendo em alguns momentos volta quando reinicio ele!

Outra coisa o que o ngnix tem haver com /dev/loop0 /var/tmp 18% (85,660 of 495,844) ! Noto crescimento constante da pasta após instalar ngnix!

Service Version Status

clamd  up

cpanellogd  up

cpsrvd  up

ftpd  up

imap  up

lfd  up

named 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 up

nginx  up

queueprocd  up

System information

Server load 0.9 (3 CPUs)

Memory Used 30.07% (630,708 of 2,097,152)

Swap Used 0% (60 of 2,097,144)

Disk information

Device Mount point Usage

/dev/loop0 /var/tmp 18% (85,469 of 495,844)

/dev/sda1 / 17% (19,127,704 of 123,854,820)

/usr/tmpDSK /tmp 29% (134,252 of 495,844)

E vejam isto também!

Time:    Wed Jan 18 14:53:44 2012 -0200

PID:	 18653

Account: nobody

Uptime:  254 seconds


Executable:

/usr/local/sbin/nginx


Command Line (often faked in exploits):

nginx: worker process


Network connections by the process (if any):

tcp: 63.143.32.72:80 -> 0.0.0.0:0

tcp: 63.143.32.71:80 -> 0.0.0.0:0

tcp: 63.143.32.72:80 -> 201.78.70.156:43193

tcp: 63.143.32.72:80 -> 187.34.114.213:62389

tcp: 63.143.32.72:80 -> 186.216.234.190:29111

tcp: 63.143.32.72:80 -> 201.45.198.190:2712

tcp: 63.143.32.72:80 -> 187.36.217.149:2227

tcp: 63.143.32.72:80 -> 189.110.81.213:50080

tcp: 63.143.32.72:80 -> 201.80.116.131:64230

tcp: 63.143.32.72:80 -> 201.1.120.40:3327

tcp: 63.143.32.72:80 -> 187.27.115.205:3814

tcp: 63.143.32.72:80 -> 187.10.254.207:54967

tcp: 63.143.32.72:80 -> 189.73.7.111:51624

tcp: 63.143.32.72:80 -> 201.78.70.156:43202

tcp: 63.143.32.72:80 -> 189.110.81.213:50038

tcp: 63.143.32.72:80 -> 189.83.225.136:2996

tcp: 63.143.32.72:80 -> 201.45.198.190:2718

tcp: 63.143.32.72:80 -> 189.73.7.111:51622

tcp: 63.143.32.72:80 -> 177.52.3.31:54638

tcp: 63.143.32.72:80 -> 187.101.49.161:51377

tcp: 63.143.32.72:80 -> 189.73.7.111:51623

tcp: 63.143.32.72:80 -> 189.47.3.226:59125

tcp: 63.143.32.72:80 -> 189.89.146.110:19864

tcp: 63.143.32.72:80 -> 187.101.49.161:51390

tcp: 63.143.32.72:80 -> 189.110.81.213:50082

tcp: 63.143.32.72:80 -> 187.25.175.23:2105

tcp: 63.143.32.72:80 -> 177.42.152.178:26044

tcp: 63.143.32.72:80 -> 189.50.141.66:55726

tcp: 63.143.32.72:80 -> 189.82.168.162:58817

tcp: 63.143.32.72:80 -> 189.82.168.162:58816

tcp: 63.143.32.72:80 -> 189.47.3.226:59124

tcp: 63.143.32.72:80 -> 187.127.112.34:60774

tcp: 63.143.32.72:80 -> 177.40.47.188:65366

tcp: 63.143.32.72:80 -> 177.42.152.178:26043

tcp: 63.143.32.72:80 -> 189.19.102.199:5168

tcp: 63.143.32.72:80 -> 187.51.130.36:11466

tcp: 63.143.32.72:80 -> 177.52.3.31:54639

tcp: 63.143.32.72:80 -> 189.25.88.166:2932

tcp: 63.143.32.72:80 -> 189.1.128.84:57803

tcp: 63.143.32.72:80 -> 201.95.15.205:53385

tcp: 63.143.32.72:80 -> 187.101.49.161:51388

tcp: 63.143.32.72:80 -> 187.10.246.251:51800

tcp: 63.143.32.72:80 -> 187.112.18.129:50722

tcp: 63.143.32.72:80 -> 187.120.9.51:37649

tcp: 63.143.32.72:80 -> 187.101.49.161:51391

tcp: 63.143.32.72:80 -> 187.74.234.203:54053

tcp: 63.143.32.72:80 -> 187.35.238.124:3778

tcp: 63.143.32.72:80 -> 201.80.116.131:64233

tcp: 63.143.32.72:80 -> 201.80.116.131:64232

tcp: 63.143.32.72:80 -> 201.80.116.131:64231

tcp: 63.143.32.72:80 -> 187.112.18.129:50727

tcp: 63.143.32.72:80 -> 187.112.18.129:50729

tcp: 63.143.32.72:80 -> 177.41.6.191:64514

tcp: 63.143.32.72:80 -> 189.73.7.111:51625

tcp: 63.143.32.72:80 -> 201.78.70.156:43192

tcp: 63.143.32.72:80 -> 187.5.80.191:49971

tcp: 63.143.32.72:80 -> 187.112.18.129:50731

tcp: 63.143.32.72:80 -> 187.35.238.124:3779

tcp: 63.143.32.72:80 -> 189.97.127.212:49360

tcp: 63.143.32.72:80 -> 189.50.141.66:55725

tcp: 63.143.32.72:80 -> 187.36.217.149:2229

tcp: 63.143.32.72:80 -> 201.80.116.131:64234

tcp: 63.143.32.72:80 -> 201.80.116.131:64235

tcp: 63.143.32.72:80 -> 201.45.198.190:2717

tcp: 63.143.32.72:80 -> 187.36.217.149:2228

tcp: 63.143.32.72:80 -> 189.110.81.213:50079

tcp: 63.143.32.72:80 -> 187.36.217.149:2230

tcp: 63.143.32.72:80 -> 187.36.217.149:2232

tcp: 63.143.32.72:80 -> 187.36.217.149:2231

tcp: 63.143.32.72:80 -> 201.74.35.242:10645

tcp: 63.143.32.72:80 -> 177.0.42.246:3625

tcp: 63.143.32.72:80 -> 201.47.150.90:27878

tcp: 63.143.32.72:80 -> 177.0.42.246:3630

tcp: 63.143.32.72:80 -> 187.75.6.93:3941

tcp: 63.143.32.72:80 -> 201.45.198.190:2711

tcp: 63.143.32.72:80 -> 201.65.58.6:34884

tcp: 63.143.32.72:80 -> 187.87.151.62:50221

tcp: 63.143.32.72:80 -> 189.110.134.221:58787

tcp: 63.143.32.72:80 -> 189.110.81.213:50078

tcp: 63.143.32.72:80 -> 187.112.18.129:50716

tcp: 63.143.32.72:80 -> 189.81.26.7:61101

tcp: 63.143.32.72:80 -> 189.34.182.210:3165

tcp: 63.143.32.72:80 -> 189.47.3.226:59126

tcp: 63.143.32.72:80 -> 177.0.42.246:3632

tcp: 63.143.32.72:80 -> 187.87.151.62:50222

tcp: 63.143.32.72:80 -> 189.34.182.210:3163

tcp: 63.143.32.72:80 -> 201.45.198.190:2719

tcp: 63.143.32.72:80 -> 201.45.198.190:2720

tcp: 63.143.32.72:80 -> 189.47.3.226:59121

tcp: 63.143.32.72:80 -> 189.34.182.210:3164

tcp: 63.143.32.72:80 -> 187.101.49.161:51389

tcp: 63.143.32.72:80 -> 189.19.102.199:5167

tcp: 63.143.32.72:80 -> 189.58.125.163:3379

tcp: 63.143.32.72:80 -> 189.110.81.213:50081

tcp: 63.143.32.72:80 -> 186.216.234.190:63578

tcp: 63.143.32.72:80 -> 187.25.175.23:2107

tcp: 63.143.32.72:80 -> 187.101.49.161:51404

tcp: 63.143.32.72:80 -> 189.73.7.111:51626

tcp: 63.143.32.72:80 -> 201.78.70.156:43204

tcp: 63.143.32.72:80 -> 177.41.6.191:64513

tcp: 63.143.32.72:80 -> 189.50.141.66:55728

tcp: 63.143.32.72:80 -> 189.47.3.226:59122

tcp: 63.143.32.72:80 -> 177.0.42.246:3633

tcp: 63.143.32.72:80 -> 189.47.3.226:59123

tcp: 63.143.32.72:80 -> 177.41.6.191:64512

tcp: 63.143.32.72:80 -> 177.41.6.191:64515

tcp: 63.143.32.72:80 -> 177.41.6.191:64516

tcp: 63.143.32.72:80 -> 177.41.6.191:64517

tcp: 63.143.32.72:80 -> 187.25.175.23:2106

tcp: 63.143.32.72:80 -> 189.58.125.163:3382

tcp: 63.143.32.72:80 -> 189.58.125.163:3380

tcp: 63.143.32.72:80 -> 189.58.125.163:3381

tcp: 63.143.32.72:80 -> 189.50.141.66:55729

tcp: 63.143.32.72:80 -> 189.50.141.66:55727

tcp: 63.143.32.72:80 -> 189.50.141.66:55730

tcp: 63.143.32.72:80 -> 187.34.114.213:62359

tcp: 63.143.32.72:80 -> 189.105.38.58:56750

tcp: 63.143.32.72:80 -> 187.112.18.129:50733

tcp: 63.143.32.72:80 -> 177.0.42.246:3631

tcp: 63.143.32.72:80 -> 187.10.246.251:51801

tcp: 63.143.32.72:80 -> 200.179.128.242:50189

tcp: 63.143.32.72:80 -> 189.110.81.213:50099

tcp: 63.143.32.72:80 -> 189.110.81.213:50100

tcp: 63.143.32.72:80 -> 189.73.7.111:51627

tcp: 63.143.32.72:80 -> 187.112.18.129:50734

tcp: 63.143.32.72:80 -> 177.42.152.178:26045

tcp: 63.143.32.72:80 -> 189.25.88.166:2933

tcp: 63.143.32.72:80 -> 201.74.35.242:10642

tcp: 63.143.32.72:80 -> 187.101.49.161:51381

tcp: 63.143.32.72:80 -> 187.101.49.161:51380

tcp: 63.143.32.72:80 -> 177.85.64.154:57500

tcp: 63.143.32.72:80 -> 201.81.21.156:2044

tcp: 63.143.32.72:80 -> 187.25.175.23:2109

tcp: 63.143.32.72:80 -> 187.25.175.23:2110

tcp: 63.143.32.72:80 -> 189.83.225.136:2995

tcp: 63.143.32.72:80 -> 187.120.9.51:41390

tcp: 63.143.32.72:80 -> 187.25.175.23:2108

tcp: 63.143.32.72:80 -> 187.120.9.51:20353

tcp: 63.143.32.72:80 -> 200.179.128.242:47290

tcp: 63.143.32.72:80 -> 187.87.151.62:50218

tcp: 63.143.32.72:80 -> 187.87.151.62:50220

tcp: 63.143.32.72:80 -> 201.78.70.156:43201

tcp: 63.143.32.72:80 -> 201.1.120.40:3328

tcp: 63.143.32.72:80 -> 201.1.120.40:3329

tcp: 63.143.32.72:80 -> 201.74.35.242:10643

tcp: 63.143.32.72:80 -> 201.1.120.40:3332

tcp: 63.143.32.72:80 -> 200.179.128.242:53333

tcp: 63.143.32.72:80 -> 200.179.128.242:60724

tcp: 63.143.32.72:80 -> 200.179.128.242:50119

tcp: 63.143.32.72:80 -> 187.34.114.213:62357

tcp: 63.143.32.72:80 -> 201.1.120.40:3331

tcp: 63.143.32.72:80 -> 201.15.117.242:3765

tcp: 63.143.32.72:80 -> 201.81.21.156:2035

tcp: 63.143.32.72:80 -> 201.81.21.156:2042

tcp: 63.143.32.72:80 -> 189.68.196.78:17639

tcp: 63.143.32.72:80 -> 200.179.128.242:47256

tcp: 63.143.32.72:80 -> 201.81.21.156:2040

tcp: 63.143.32.72:80 -> 201.81.21.156:2043

tcp: 63.143.32.72:80 -> 201.81.21.156:2041

tcp: 63.143.32.72:80 -> 201.74.35.242:10644

tcp: 63.143.32.72:80 -> 189.105.38.58:56753

tcp: 63.143.32.72:80 -> 187.87.151.62:50219

tcp: 63.143.32.72:80 -> 187.34.114.213:62387

tcp: 63.143.32.72:80 -> 187.34.114.213:62383

tcp: 63.143.32.72:80 -> 187.34.114.213:62385

tcp: 63.143.32.72:80 -> 189.105.38.58:56752

tcp: 63.143.32.72:80 -> 189.105.38.58:56754

tcp: 63.143.32.72:80 -> 187.35.238.124:3782

tcp: 63.143.32.72:80 -> 189.105.38.58:56751

tcp: 63.143.32.72:80 -> 189.83.225.136:3006

tcp: 63.143.32.72:80 -> 189.83.225.136:3008

tcp: 63.143.32.72:80 -> 189.105.38.58:56755

tcp: 63.143.32.72:80 -> 201.15.117.242:3763

tcp: 63.143.32.72:80 -> 189.107.112.11:6116

tcp: 63.143.32.72:80 -> 201.15.117.242:3764

tcp: 63.143.32.72:80 -> 177.35.37.20:50664

tcp: 63.143.32.72:80 -> 201.74.35.242:10646

tcp: 63.143.32.72:80 -> 201.74.35.242:10647

tcp: 63.143.32.72:80 -> 187.58.105.61:2420

tcp: 63.143.32.72:80 -> 189.87.196.37:2587

tcp: 63.143.32.72:80 -> 187.35.238.124:3783

tcp: 63.143.32.72:80 -> 187.35.238.124:3784

tcp: 63.143.32.72:80 -> 187.35.238.124:3785

tcp: 63.143.32.72:80 -> 201.15.117.242:3766

tcp: 63.143.32.72:80 -> 201.15.117.242:3767

tcp: 63.143.32.72:80 -> 187.58.105.61:2421

tcp: 63.143.32.72:80 -> 189.1.128.84:11380

tcp: 63.143.32.72:80 -> 186.216.234.190:40562

tcp: 63.143.32.72:80 -> 189.81.26.7:61813

tcp: 63.143.32.72:80 -> 187.101.49.161:51400

tcp: 63.143.32.72:80 -> 177.42.152.178:26046

tcp: 63.143.32.72:80 -> 187.101.49.161:51402

tcp: 63.143.32.72:80 -> 177.42.152.178:26047

tcp: 63.143.32.72:80 -> 201.65.58.6:51368

tcp: 63.143.32.72:80 -> 177.42.152.178:26048

tcp: 63.143.32.72:80 -> 201.15.117.242:3768

tcp: 63.143.32.72:80 -> 186.216.234.190:29504

tcp: 63.143.32.72:80 -> 186.216.234.190:52407


Files open by the process (if any):

/dev/null

/dev/null

/var/log/nginx/error.log

/var/log/nginx/error.log

/var/log/nginx/vhost-error_log

Lembre-se que Streaming consome muito do servidor também!

Falo por experiência, estou pensando seriamente em assinar outro VPS somente para Streaming.

Não não tenho streaming. Apenas hosting.

Veja abaixo :(

Ngnix muitos erros!

Baixo load mais http fica com vários bugs.

System information

Server load 4.22 (3 CPUs)

Memory Used 36.34% (762,052 of 2,097,152)

Swap Used 0% (60 of 2,097,144)

Disk information

Device Mount point Usage 

/dev/loop0 /var/tmp 22% (101,111 of 495,844)

/dev/sda1 / 17% (19,127,704 of 123,854,820)

/usr/tmpDSK /tmp 29% (134,252 of 495,844)

Vc não tem nenhum cliente com Fórum ou algo parecido? Dependendo do sistema, consome bastante também...

Não não tenho apenas whmcs...

Voce ta com uma shell upada no seu server, estão tentando "rootar" seu server, exclua o arquivo:

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php

Percebi isto!

Como posso encontrar ou scanear a buscar destas coisas?

Voce ta com uma shell upada no seu server, estão tentando "rootar" seu server, exclua o arquivo:

/home/zonemixc/public_html/painel/uploads/fotos/c99_.php

Agora começa a saga pra limpa o server, vai ser complicado se voce tiver muitas contas, mais instale o mod_security e não esqueça de definir as regras, habilite também o open_basedir

Edit: Notei que o ClamAV ta instalado, faça uma varredura com ele e pesquise aqui no fórum sobre maldet é um tutorial do chuva.