Monday, April 1, 2013

Load due to a particular domain in the server

Whenever the load in the server increases due to a particular user in the server. Check the following:

Find the domain owned by the user:

grep username /etc/userdomains

use the following command after you get the domain name:

less /usr/local/apache/domlogs/ | awk ‘{print $1}’ | sort | uniq -c | sort -n

This will give the ip and number of connections in the descending order. For example:

In the above case we can see too many connections from those ips. This is surely abnormal. Immediately block such ips in the server using csf

csf -d IP

[if not present use iptables].

No comments:

Post a Comment