[CentOS] Memory leak - how to investigate

Mon Feb 3 20:32:34 UTC 2014
Always Learning <centos at u62.u22.net>

> > On Mon, Feb 3, 2014 at 8:43 AM, Jussi Hirvi <listmember at greenspot.fi>
> > wrote:
> >
> >> My web & name server runs out of memory from time to time, to the point
> >> where it's completely unresponsive to anything. At that point reset is
> >> the only alternative. (Or, as this is a virtual guest, I just say "virsh
> >> destroy").

I have 4 web servers. Every day I read the Logwatches, the 'home-made'
web activity analysis reports and the instant emails created for every
web access error (can't seem to trap 500 though).

I allow the major crawlers like M$, Google, Yahoo, Yandex (Russian) and
Facebook. I don't block crawlers in robots.txt because updating it is
time-consuming. Instead I block data centre IP ranges.

Every non-standard web access initiates a spontaneous emailed alert. 403
and 404 requests are automatically matched against a list of know
hacking names. Identified matches causes the requesting IP to be
automatically added to the monthly IP blocked list. The generated email,
comprehensively full of technical details, is ready for copy and pasting
into an email complaint if necessary.

Some well-known hacking names result in Apache re-directs to Chinese web

PUTs are specifically allowed. Anyone trying OPTION, PUT in
unauthorised, therefore unnecessary, sites and directories get their IP
added to the monthly blocked list.  Usually hackers instantly switch to
other compromised IPs and they get blocked too.

If you are serious about running a web server you have to know, daily,
what is happening so you can react at the time. Waiting until everything
grinds to a halt means you have failed. The good news is your awareness
and monitoring can improve.

For every web site hosted my daily activity report shows summary totals
for HTML and PHP pages accessed per site. It also lists, for every site,
every IP address and the total of HTML and PHP pages individual IPs have
accessed. Wading through long lists is boring but you can instantly spot
potential problems.  

Being a computer programmer means with HTML, CSS and PHP, I can know
what is happening and respond to abuses with a full range of instantly
deployable 'tools'.

Its a learning curve and it does take time, but you'll get better :-)


   Our systems are exclusively Linux (Centos of course). No Micro$oft Windoze here.