|
I have my server optimized already following the advice I've seen in several threads on Vbulletin.com.
But here is the big issue, and I can't figure out if it is someone hacking my site or exploiting a hole in my vbulletin (3.0.9)
Anyway, here it is:
I keep getting this process:
nobody 0.0 1.6 /usr/local/apache/bin/httpd -DSSL
Over and over and over.... until the server is overloaded at load averages of like 70.
The same thing goes for mysql, I'll have processes that look like this:
mysql 0.0 7.0 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/server1.XXXXXXXXXXX.net.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
And they'll be using like 30% of the available Mem %
Is traced one of the nobody processes and it came up with a long series of coding.... but here are a few of the tidbits that it displayed
getcwd("/home/XXXXX/public_html", 4096) = 25
lstat64("/home", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat64("/home/XXXXX", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat64("/home/XXXXX/public_html", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/home/XXXXX/public_html/includes", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/home/XXXXX/public_html/includes/functions.php", {st_mode=S_IFREG|0644, st_size=108494, ...}) = 0
open("/home/XXXXX/public_html/includes/functions.php", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=108494, ...}) = 0
getcwd("/home/XXXXX/public_html", 4096) = 25
lstat64("/home", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat64("/home/XXXXX", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat64("/home/XXXXX/public_html", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/home/XXXXX/public_html/includes", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/home/XXXXX/public_html/includes/functions_bbcodeparse.php", {st_mode=S_IFREG|0644, st_size=52403, ...}) = 0
open("/home/XXXXX/public_html/includes/functions_bbcodeparse.php", O_RDONLY) = 5
Any help would be appreciated
|
