Help on possible security problem

I've received this automated message from Linode:

"

Your Linode, has exceeded the notification threshold (90) for CPU Usage by averaging 106.5% for the last 2 hours.

"

I checked and there was a massive increase in CPU usage. I opened a support ticket and asked "…I'm concerned what could be causing this spike. Do you have any way of finding this out? Are we being hit with spam or used to flow emails or something similar? Is there a way of checking this?…"

Support suggested: "…You may want to ask the active user community for more assistance and avenues of investigation…."

So here I am, I'm new to this Server hosting, VPS and Linode, and trying to come to grips with it all.

Can anybody advise me on these two questions:

Is there a way of finding out what caused the spikes?

Is there software I can install to protect and monitor for this?

We have LAMP with Debian 5

Thanks

4 Replies

The library has a couple of articles to get you started.

http://library.linode.com/server-monitoring

Plus there's been more than a few threads in the forum about debugging CPU/RAM ran wild problems.

You can run top or ps and check out what's actually using the CPU.

Try installing htop; it nicely colours everything so it's easier to read.

One interesting data point I've seen while going over these graphs in tickets has to do with the fact that a Linode has access to four cores. As a result, CPU usage can go up to 400% average in theory.

What's interesting about that is a single threaded program, in a tight spin, will consume exactly 100% of CPU on your graph with little variance. If, all of a sudden, your CPU pegs at a multiple of 100% (even 200% or 300%) and it doesn't change at all, have a look at ps or htop and look for a process using 100% CPU. I've noticed it happening when a program crashes, and sits there spinning hard.
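An added example, not part of any reply above: a Python sketch that samples `/proc/<pid>/stat` several times and reports processes that sit at roughly 100% of one core in every sample, the "tight spin" signature described in the last reply. It measures usage over each interval because the `%CPU` column of `ps` is averaged over the process's whole lifetime; the interval, number of rounds and 5-point tolerance are assumed values.

```python
import os
import time

CLK_TCK = os.sysconf("SC_CLK_TCK")  # kernel clock ticks per second

def parse_stat(line):
    """Return (pid, comm, cpu_ticks) from one /proc/<pid>/stat line."""
    # comm is wrapped in parentheses and may contain spaces or ')',
    # so split on the last ')' instead of on whitespace.
    head, _, tail = line.rpartition(")")
    pid, _, comm = head.partition(" (")
    fields = tail.split()  # fields[0] is the state, field 3 of the line
    return int(pid), comm, int(fields[11]) + int(fields[12])  # utime + stime

def snapshot():
    """Map pid -> (comm, cpu_ticks) for every readable process."""
    procs = {}
    for entry in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open("/proc/%s/stat" % entry) as fh:
                pid, comm, ticks = parse_stat(fh.read())
            procs[pid] = (comm, ticks)
        except (IOError, OSError, ValueError, IndexError):
            pass  # process exited while we were reading it
    return procs

def cpu_percent(before, after, seconds, clk_tck=CLK_TCK):
    """CPU % per pid over the interval, for pids present in both snapshots."""
    return {pid: (comm, 100.0 * (ticks - before[pid][1]) / clk_tck / seconds)
            for pid, (comm, ticks) in after.items() if pid in before}

def pegged(samples, tolerance=5.0):
    """Pids that stayed within `tolerance` points of 100% in every sample."""
    pids = set(samples[0]).intersection(*samples[1:])
    return sorted(p for p in pids
                  if all(abs(s[p][1] - 100.0) <= tolerance for s in samples))

if __name__ == "__main__":
    INTERVAL, ROUNDS = 5, 4  # assumed values: four 5-second samples
    samples, prev = [], snapshot()
    for _ in range(ROUNDS):
        time.sleep(INTERVAL)
        cur = snapshot()
        samples.append(cpu_percent(prev, cur, INTERVAL))
        prev = cur
    for pid in pegged(samples):
        print("pid %d (%s) held ~100%% CPU for %d s"
              % (pid, samples[-1][pid][0], INTERVAL * ROUNDS))
```

A process it reports is a starting point for `ps`, `htop` or the application's own logs; a multi-threaded process spinning on several cores shows up above 100% and is not matched by this check.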
