Hi guys, i am running ubuntu 18.04 and ispconfig 3.1 when i am running top command i get 5 processes of web 4 with php-fpm7.2 so i imagine there are 5 people who open the website now on their browser. The website is not really online there is nothing interesting in there so i wonder why i have a serverload of 1.3 (VPS ) with 70 % CPU usage of the web 4 when there is nothing interesting. In log/syslog i can see only smtp postfix someone try to connect with the same ip class c. many times my question is: why i dont see http access in syslog and how can i stop the fpm traffic for this domain there seems to be something going on but i can not find out. btw, before one account of this server was hacked i deleted the website and will setup the backup soon. As well i secured the server even more. i hope i could explain my problem well. thanks a lot for your kind help
You can use lsof to see what files handles the processes have open, and strace or ltrace to trace system/library calls made, to maybe get an idea of what they're doing.
http server does not write its log to syslog. There is another log for that, for apache in directory /var/log/apache2/.