Diagnosing Unknown Intensive Script


Question

A site I manage has been temporarily disabled. I have been told the following by the host:

 

  Quote

I noticed that one of your accounts is running multiple instances of resource-intensive scripts, overloading the entire server. Details can be found below.

===============================================
10530 core 18 0 100m 27m 7592 R 65.7 0.8 0:00.34 /usr/bin/php /home/core/public_html/index.php
10532 core 18 0 99968 24m 7380 R 52.2 0.8 0:00.27 /usr/bin/php /home/core/public_html/index.php
10521 core 18 0 100m 27m 7676 R 40.6 0.8 0:00.41 /usr/bin/php /home/core/public_html/index.php
10534 core 18 0 92908 17m 7376 R 27.1 0.5 0:00.14 /usr/bin/php /home/core/public_html/index.php
10497 core 19 0 100m 27m 7680 R 17.4 0.8 0:00.42 /usr/bin/php /home/core/public_html/index.php

10537 core 18 0 52432 8756 5380 S 5.8 0.3 0:00.03 /usr/bin/php /home/core/public_html/index.php

 

I have been forced to disable web access to your account to stabilize the server.

 

Once you optimize your script and database queries we can restore complete web access.


Any idea what the above means or how it is of any use in diagnosing the problem? I can get into cPanel and WHM to edit files, but can't view the site live.

 

The website is WordPress (so index.php mainly links to other files). There are also a few custom scripts and a couple of plug-ins, which I assume are causing the issue rather than WordPress itself.

 

Any idea how on earth I am meant to diagnose this with such limited info? - I've tried asking them to elaborate but they are not being very helpful.

 

I've now asked them if there is some way for me to test the site and check the loading - and what would be "acceptable" on the load? - Of course it's really difficult to know what I'm looking for or how changes affect the load.

 

If I could test the site and loading/performance somehow I could temporarily disable scripts and plug-ins to try and find out which one is causing a problem, but without this I'm lost for ideas.

 

Any suggestions on how to approach this, or any suggestions for things I could ask the host to provide to help diagnose?

 

 


1 answer to this question


Always make a backup of the website and the database first!

 

Probably a malicious plugin, or a file modified by using a security exploit in a malicious plugin. Check if any files have been modified recently.

 

Also check plugin versions and see if any newer version is available. Consider disabling any unnecessary plugins that haven't been updated since 2000.

 

Don't forget to check if WordPress is up to date.

 

Lastly, you can check out the Wordfence plugin, which does some of these things and more.

This topic is now closed to further replies.
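
The "check if any files have been modified recently" step from the answer, as an added shell example that is not part of the original thread: it lists PHP and .htaccess files changed within a chosen window and counts the changes per plugin directory. The function names, the 7-day default window and the sample tree are assumptions made for illustration; on the real account the path would be the docroot shown in the host's process list.

```shell
#!/bin/sh
# Added example: triage of recently modified files in a WordPress docroot.
# Function names and the 7-day default window are assumptions; adjust them.

# List PHP and .htaccess files under $1 modified within the last $2 days.
recent_changes() {
    root=${1%/}; days=${2:-7}
    find "$root" -type f \( -name '*.php' -o -name '.htaccess' \) \
        -mtime "-$days" 2>/dev/null | sort
}

# Count recent changes per directory under wp-content/plugins, busiest first.
recent_by_plugin() {
    root=${1%/}; days=${2:-7}
    recent_changes "$root" "$days" |
        awk -v p="$root/wp-content/plugins/" '
            index($0, p) == 1 {
                rest = substr($0, length(p) + 1)
                split(rest, parts, "/")
                n[parts[1]]++
            }
            END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2,2
}

# Constructed sample tree (not real site data) so the script runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/plugins/old-plugin" "$t/wp-content/plugins/gallery/inc"
    for f in index.php wp-content/plugins/old-plugin/main.php; do
        echo '<?php' > "$t/$f"
        touch -t 202001010000 "$t/$f"        # last modified in 2020
    done
    echo '<?php' > "$t/wp-content/plugins/gallery/gallery.php"    # modified now
    echo '<?php' > "$t/wp-content/plugins/gallery/inc/cache.php"  # modified now
    echo "$t"
}

# Run with --demo to see the output on the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    recent_changes "$tree" 7
    recent_by_plugin "$tree" 7
    rm -rf "$tree"
fi
```

Modification times can be reset by whoever changed a file, so an empty result does not clear the site; comparing the files against a known-good copy or the backup is the stronger check.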