• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  

DIagnosing Unknown Intensive Script

Question

lt8480    51

A site I manage has been temporarily been disabled, I have been told the following by the host:

 

Quote

I noticed that one of your accounts is running multiple instance of resource intensive scripts, overloading the entire server. Details can be found below.

===============================================
10530 core 18 0 100m 27m 7592 R 65.7 0.8 0:00.34 /usr/bin/php /home/core/public_html/index.php
10532 core 18 0 99968 24m 7380 R 52.2 0.8 0:00.27 /usr/bin/php /home/core/public_html/index.php
10521 core 18 0 100m 27m 7676 R 40.6 0.8 0:00.41 /usr/bin/php /home/core/public_html/index.php
10534 core 18 0 92908 17m 7376 R 27.1 0.5 0:00.14 /usr/bin/php /home/core/public_html/index.php
10497 core 19 0 100m 27m 7680 R 17.4 0.8 0:00.42 /usr/bin/php /home/core/public_html/index.php

10537 core 18 0 52432 8756 5380 S 5.8 0.3 0:00.03 /usr/bin/php /home/core/public_html/index.php

 

I have been forced to disable web access to your account to stabilize the server.

 

Once you optimize your script and database queries we can restore complete web access.

Any idea what the above means or how it is of any use in diagnosing the problem? I can get into cPanel and WHM to edit files, but can't view the site live.

 

The website is Wordpress (so index.php mainly links to other files), there are also a few custom scripts and a couple of plug-ins, which I assume is causing the issue rather than Wordpress itself.

 

Any idea how on earth I am meant to diagnose this with such limited info? - I've tried asking them to elaborate but they are not being very helpful.

 

I've now asked them if there is there some way for me to test the site and check the loading - and what would be "acceptable" on the load? - Of course it's really difficult to know what I'm looking for or how changes affect the load.

 

If I could test the site and loading/performances somehow I could temporarily disable scripts and plug-ins to try and find out which one is causing a problem but without this I'm lost for ideas.

 

Any suggestions in how to approach, or anything suggestions for things I could ask the host to provide to help diagnose?

 

 

Share this post


Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0
Seahorsepip    610

Always make a backup of the website and the database first!

 

Probably a malicious plugin or modified file by using a security exploit in a malicious plugin, check if any files have been modified recently.

 

Also check plugin versions and see if any newer version is available, consider disabling any unnecessary plugins that haven't been updated since 2000.

 

Don't forget to check if wordpress is up to date.

 

Lastly you can checkout the wordfence plugin which does some of these things and more.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.