Advice for finding a leaky Apache (probably PHP) process
Joe Auty
joe at netmusician.org
Sun Apr 25 07:11:05 UTC 2010
Adam Vande More wrote:
> On Sat, Apr 24, 2010 at 8:02 PM, Joe Auty <joe at netmusician.org
> <mailto:joe at netmusician.org>> wrote:
>
> Hello,
>
> I'm wondering if you guys have any general tips on how to find the
> Apache process/app that is gobbling up my RAM randomly until my
> machine
> crashes and I'm forced to reboot? I'm tired of staring at top and
> working with flimsy hacks such as 10 minute Apache restart cronjobs.
>
> This seems to start (or worsen) after updating to PHP 5.3, but this is
> not happening on my test machine where PHP 5.3 is also installed
> and the
> same apps are used (although not publicly).
>
> General tips and suggestions are welcome here!
>
> THanks in advance...
>
>
> Have you tried working with php's mem limit abilities? The base
> system provides procstat for tracking invidual process info. You
> could try something like appending ps aux > file every minute or so to
> track growth etc. Can you provide more info about the php app?
>
> --
> Adam Vande More
Well, I'm fishing. It is also possible that I'm seeing a denial of
service attack or something, but the result is my Apache processes
ballooning and CPU usage for some of my httpd processes going up to
around 100%. There are several PHP apps running on the server, so it is
very hard to pinpoint things to one app, which is part of the problem.
I can actually see the memory growth, I can sit and watch top and see my
memory consumption balloon until the machine swaps and then just grinds
to a halt. Sometimes it gets so bad that I'm forced to killall -9 httpd
just to bring the machine back to life.
What are some good techniques for trying to ascertain whether a
particular web app is being exploited for some sort of attack? Since I
had to recompile PHP and all of my PHP extensions is there a possibility
that a particular extension is causing memory consumption to balloon? A
long time ago I had an attack on a very old version of WordPress. I
found this via my Apache server-status page, but it was sort of a pure
fluke that I did find this. Surely there has to be better ways to
connect httpd processes to pages that are being served?
I wish that the machine was a little more responsive when I get to this
point so that I can ktrace the processes...
Thanks for your help!
--
Joe Auty, NetMusician
NetMusician helps musicians, bands and artists create beautiful,
professional, custom designed, career-essential websites that are easy
to maintain and to integrate with popular social networks.
www.netmusician.org <http://www.netmusician.org>
joe at netmusician.org <mailto:joe at netmusician.org>
More information about the freebsd-questions
mailing list