Abd El-Hameed Ayad wrote: > I have a CentOS 3.8 server which i manage for web hosting (web server, > mail server + database server). Today i got it down because of an > attack, here is the last snapshot of top command before server dies > > 09:47:30 up 21 days, 6:54, 1 user, load average: 363.88, 727.82, 253.42 > 3949 processes: 135 sleeping, 3800 running, 14 zombie, 0 stopped > CPU states: cpu user nice system irq softirq iowait idle > total 0.6% 0.0% 99.2% 0.0% 0.0% 0.0% 0.0% > cpu00 0.4% 0.0% 99.4% 0.0% 0.0% 0.0% 0.0% > cpu01 0.8% 0.0% 99.0% 0.0% 0.1% 0.0% 0.0% > Mem: 2055236k av, 1935836k used, 119400k free, 0k shrd, 188120k > buff > 1286892k actv, 165568k in_d, 17336k in_c > Swap: 2040244k av, 22676k used, 2017568k free 901000k > cached > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND > 6515 root 19 0 10048 9.8M 2612 R 3.9 0.4 1:06 1 cpsrvd-ssl > 7175 root 18 0 564 564 492 S 2.7 0.0 0:03 0 > couriertcpd > 10365 nobody 19 0 11020 10M 2352 R 2.5 0.5 0:08 0 httpd > 1998 root 19 0 10724 10M 2140 R 2.4 0.5 3:02 1 httpd > 10719 mailnull 19 0 1892 1892 1548 R 1.8 0.0 3:49 0 exim > 7169 root 19 0 552 552 476 R 1.8 0.0 0:10 1 > couriertcpd > 29384 manmoud 25 0 380 380 308 R 1.0 0.0 0:01 0 2-4-21 > 26278 manmoud 24 0 420 420 308 R 0.9 0.0 0:01 1 2-4-21 > 26519 manmoud 25 0 420 420 308 R 0.9 0.0 0:01 1 2-4-21 > 26524 manmoud 25 0 424 424 308 R 0.9 0.0 0:01 1 2-4-21 > 29368 manmoud 25 0 412 412 308 R 0.9 0.0 0:01 1 2-4-21 > 25916 manmoud 24 0 388 388 308 R 0.8 0.0 0:01 0 2-4-21 > 25922 manmoud 25 0 388 388 308 R 0.8 0.0 0:01 0 2-4-21 > > Clearly, the user manmod caused this huge load. > Are there any way to prevent such high load caused by any user on the > system except root?? I would really recommend you to use monitoring on this server, I personnaly use nagios wich does a very good job. You can set it up on this specific server or on an external one. > > thanx