Discussion in 'Server Operation' started by Tom John, Nov 16, 2020.

  1. Tom John

    Tom John Active Member HowtoForge Supporter

    Hi guys,
    i am running ubuntu 18.04 and ispconfig 3.1
    when i am running top command i get 5 processes of web 4 with php-fpm7.2
    so i imagine there are 5 people who open the website now on their browser.
    The website is not really online there is nothing interesting in there so i wonder why i have a serverload of 1.3 (VPS ) with 70 % CPU usage of the web 4 when there is nothing interesting.
    In log/syslog i can see only smtp postfix someone try to connect with the same ip class c. many times

    my question is:
    why i dont see http access in syslog and how can i stop the fpm traffic for this domain there seems to be something going on but i can not find out.

    btw, before one account of this server was hacked i deleted the website and will setup the backup soon. As well i secured the server even more.
    i hope i could explain my problem well.

    thanks a lot for your kind help
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You can use lsof to see what files handles the processes have open, and strace or ltrace to trace system/library calls made, to maybe get an idea of what they're doing.
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    http server does not write its log to syslog. There is another log for that, for apache in directory /var/log/apache2/.

Share This Page