[CentOS] Find reason for heavy load

Noob Centos Admin centos.admin at gmail.com
Wed Dec 30 05:56:15 UTC 2009


Hi,

> last time I saw something like that, it was a bunch of chinese 'bots'
> hammering on my public services like ssh.
>another admin had turned
> pop3 on too, this created a very heavy load yet they didn't show up in
> top (bunches of pop3 and ssh processes showed up in ps -auxww,
> however, plug netstat -an

Unfortunately the server is meant for web/email purposes so I can't
turn off pop3/smtp. Naturally ps shows up a lot of httpd/mysql &
exim/dovecot processes but a cursory glance doesn't see any suspicious
IPs.

Similarly, I did a quick look at netstat -an and most of the IP are
from local ISP that my clients are using.

One thing that occurred to me is, does using iptables to block smtp
attempt uses more "system" resources as opposed to letting the bot
flood my smtp logs with pointless attempts? :)


More information about the CentOS mailing list