系统负载超高,但是网站是新站,几乎没有流量
这台VPS上一共三个站,都是几乎无流量的小站,最近放了个新站,发现经常性的502,奇怪的是其他两个站访问正常。重启下lnmp又正常了,过一段时间打开又开始变慢,如此反复。。。80端口有些莫名其妙的连接:
# lsof -i:80
COMMANDPID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1116 root 8uIPv4 3462422191 0t0TCP *:http (LISTEN)
nginx 1117www 8uIPv4 3462422191 0t0TCP *:http (LISTEN)
nginx 1118www 8uIPv4 3462422191 0t0TCP *:http (LISTEN)
nginx 1118www 14uIPv4 3462618469 0t0TCP 107.191.XXX.XX:http->149.165.86.110.broad.pt.fj.dynamic.163data.com.cn:feitianrockey (ESTABLISHED)
nginx 1118www 15uIPv4 3462619601 0t0TCP 107.191.XXX.XX:http->112.111.191.136:16257 (ESTABLISHED)
nginx 1118www 20uIPv4 3462647780 0t0TCP 107.191.XXX.XX:http->223.243.109.13:52469 (ESTABLISHED)
nginx 1118www 29uIPv4 3462645316 0t0TCP 107.191.XXX.XX:http->173.208.173.42:55913 (ESTABLISHED)
nginx 1118www 31uIPv4 3462643540 0t0TCP 107.191.XXX.XX:http->crawl-66-249-79-119.googlebot.com:58502 (ESTABLISHED)
nginx 1119www 8uIPv4 3462422191 0t0TCP *:http (LISTEN)
nginx 1119www 11uIPv4 3462703142 0t0TCP 107.191.XXX.XX:http->boson041.ahrefs.com:58643 (ESTABLISHED)
nginx 1119www 15uIPv4 3462666615 0t0TCP 107.191.XXX.XX:http->140.237.37.203:60350 (ESTABLISHED)
nginx 1119www 16uIPv4 3462691062 0t0TCP 107.191.XXX.XX:http->136.169.161.220.broad.pt.fj.dynamic.163data.com.cn:55143 (ESTABLISHED)
nginx 1119www 19uIPv4 3462678875 0t0TCP 107.191.XXX.XX:http->boson077.ahrefs.com:51986 (ESTABLISHED)
nginx 1119www 21uIPv4 3462679806 0t0TCP 107.191.XXX.XX:http->boson067.ahrefs.com:55047 (ESTABLISHED)
nginx 1119www 23uIPv4 3462681204 0t0TCP 107.191.XXX.XX:http->boson011.ahrefs.com:44385 (ESTABLISHED)
nginx 1119www 25uIPv4 3462683345 0t0TCP 107.191.XXX.XX:http->boson043.ahrefs.com:48368 (ESTABLISHED)
nginx 1119www 27uIPv4 3462686250 0t0TCP 107.191.XXX.XX:http->boson073.ahrefs.com:58269 (ESTABLISHED)
nginx 1119www 29uIPv4 3462687290 0t0TCP 107.191.XXX.XX:http->boson025.ahrefs.com:59713 (ESTABLISHED)
nginx 1119www 30uIPv4 3462687757 0t0TCP 107.191.XXX.XX:http->boson067.ahrefs.com:60361 (ESTABLISHED)
nginx 1119www 32uIPv4 3462687967 0t0TCP 107.191.XXX.XX:http->boson097.ahrefs.com:55584 (ESTABLISHED)
nginx 1119www 34uIPv4 3462696032 0t0TCP 107.191.XXX.XX:http->254.250.159.27.broad.pt.fj.dynamic.163data.com.cn:52048 (ESTABLISHED)
nginx 1119www 37uIPv4 3462691934 0t0TCP 107.191.XXX.XX:http->boson073.ahrefs.com:33118 (ESTABLISHED)
nginx 1119www 38uIPv4 3462695076 0t0TCP 107.191.XXX.XX:http->boson067.ahrefs.com:37240 (ESTABLISHED)
nginx 1119www 40uIPv4 3462707462 0t0TCP 107.191.XXX.XX:http->boson071.ahrefs.com:38791 (ESTABLISHED)
nginx 1119www 42uIPv4 3462716436 0t0TCP 107.191.XXX.XX:http->boson073.ahrefs.com:47820 (ESTABLISHED)
nginx 1120www 8uIPv4 3462422191 0t0TCP *:http (LISTEN)
nginx 1120www 30uIPv4 3462610279 0t0TCP 107.191.XXX.XX:http->254.250.159.27.broad.pt.fj.dynamic.163data.com.cn:65024 (ESTABLISHED)
nginx 1120www 46uIPv4 3462556511 0t0TCP huxiaom:http->180.154.152.185:36875 (ESTABLISHED)
php-fpm 1572www 5uIPv4 3462714582 0t0TCP huxiaom:51245->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 1642www 5uIPv4 3462707510 0t0TCP huxiaom:51175->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 1643www 5uIPv4 3462707461 0t0TCP huxiaom:51171->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 1659www 5uIPv4 3462713966 0t0TCP huxiaom:51242->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 1736www 5uIPv4 3462714435 0t0TCP huxiaom:51244->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2405www 5uIPv4 3462713749 0t0TCP huxiaom:51239->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2414www 5uIPv4 3462713765 0t0TCP huxiaom:51240->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2420www 5uIPv4 3462719309 0t0TCP huxiaom:51300->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2425www 5uIPv4 3462712558 0t0TCP huxiaom:51226->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2429www 5uIPv4 3462718260 0t0TCP huxiaom:51282->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2461www 5uIPv4 3462718505 0t0TCP huxiaom:51285->142.91.43.98.rdns.as15003.net:http (ESTABLISHED)
php-fpm 2467www 6uIPv4 3462718865 0t0TCP huxiaom:58178->59.188.183.226:http (ESTABLISHED)
网站几乎没有流量,为什么实际内存占用这么高呢?
另外:之前是512M的内存,我后来升级到1G,居然还是内存爆满:Q:Q:Q:Q
top:这台cps之前当做PT盒子用过,现在不用了,transmission服务也已经kill掉了,还是没有解决
[ 本帖最后由 turandot 于 2014-12-23 23:50 编辑 ] php开慢日志看看,方法看502置顶帖
回复 2# 的帖子
恩,慢日志发现了问题,是其中一个用织梦做的站被黑了:Q :Q :Q :Q :Q织梦的漏洞好难打啊,唉只是织梦的站被黑,一堆木马文件和生成的6合彩页面,这是他拿到了什么权限啊?清理是清理掉了,但是不知道怎么堵。。。
[ 本帖最后由 turandot 于 2014-12-24 14:12 编辑 ] 织梦漏洞好像不少,具体怎么进去的不好说,开了日志的话可能会好找些
可按这个https://www.vpser.net/security/lnmp-remove-nginx-php-execute.html将不用执行php的目录的php执行权限去掉 我和你遇到一样的问题了,discuz和wp的程序被上传了大量的垃圾文件,并且文件夹能有很多层,删都删不完,无奈,全部重新安装了,但一直找不到原因。
页:
[1]