Linode High CPU Usage

Hi,

Since yesterday I have been receiving high cpu usage alert from Linode up to 196%. Normally it is limited to 20% only.

I have linode 2GB plan.

Now I am unable to figure out what's the issue. It's causing my blog traffic to all time low.

~~![](<URL url=)http://www.techswatch.com/wp-content/up … 09/hop.png">http://www.techswatch.com/wp-content/uploads/2014/09/hop.png" />

~~![](<URL url=)http://www.techswatch.com/wp-content/up … -graph.png">http://www.techswatch.com/wp-content/uploads/2014/09/linode-graph.png" />

System Load : 7.71

Tried to Reboot, Restarted Php5-fpm and Nginx.

Any idea how to resolve this?~~~~

8 Replies

Your htop graph shows PHP is using most of the cpu, check your web server access logs see if you're being crawled by a bot or something more malicious.

Hi,

Thank you for the reply. Since I am a newbie, I don't know much about it. Any command to see log file?

Look in your server logs (probably /var/log/nginx/access.log) and see if there are lots of POST requests to /xmlrpc. If so, try googling for solutions. I'm not a php or wordpress guy so just learning about this myself… a client linode running wordpress was getting hammered yesterday and CPU usage was really high all day.

@Ox-:

Look in your server logs (probably /var/log/nginx/access.log) and see if there are lots of POST requests to /xmlrpc. If so, try googling for solutions. I'm not a php or wordpress guy so just learning about this myself… a client linode running wordpress was getting hammered yesterday and CPU usage was really high all day.

THIS! I just had this happen the other week on a LAMP server that I had at another provider…CPU Usage was going nuts and was even higher then yours OP, turns out it was XMLRPC getting pounded, there's Wordpress plugins to disable it or you can disable access to it via nginx configuration/htaccess for apache.

I just had a similar problem to this today, and with research discovered that it indeed was due to a DOS xmlrpc attack. For now, I've added the following to the impacted site's .htaccess file, and it immediately fixed the problem, which was consuming all CPU resources even with all other traffic relatively low…

begin fix for xmlrpc exploits

Order allow,deny

Deny from all

end fix for xmlrpc exploits

I have found that the allow,deny doesn't work in all cases and have opted to use a rewrite rule to point XMLRPC POST calls to 0.0.0.0 - this has helped with my high IO rates and CPU Usage immensely with Wordpress sites being attacked.

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

That would work if the OS was windows.

@derfy:

That would work if the OS was windows.

That is why the OP should check logs because it may be something similar but probably not identical.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct