I'm sitting here trying to figure out what is happening to my server! One thing I know so far is that it has to do with Blog Engage, a site I own. I have stopped and started httpd and the server load will not drop at all. I will free up 1500 MB of RAM but that's it, the CPU is jammed and continues to jam up.
netstat -apn | grep :80
208.109.106.214 is me
ipcs
------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x000000a7 0          root       600        1
0x0052e2c1 32769      postgres   600        17
0x0052e2c2 65538      postgres   600        17
0x0052e2c3 98307      postgres   600        17
0x0052e2c4 131076     postgres   600        17
0x0052e2c5 163845     postgres   600        17
0x0052e2c6 196614     postgres   600        17
0x0052e2c7 229383     postgres   600        17
0x00000000 9404424    apache     600        1
0x00000000 9437193    apache     600        1
0x00000000 9469962    apache     600        1
0x00000000 9502731    apache     600        1
0x00000000 9535500    apache     600        1
0x00000000 9568269    apache     600        1
0x00000000 9601038    apache     600        1
0x00000000 9633807    apache     600        1
0x00000000 9666576    apache     600        1
I have full access to the service, any help trying to solve this would be great.
# ps aux | less
# ps -A
# pstree
I'd suggest enabling the MySQL slow query log, and proceeding with optimization of Apache and MySQL, both settings and queries.
You should hire a system admin if you do not know how to handle such issues. A quick glance shows that someone should be flooding your http
Try installing a caching solution for the blog you suspect. Check "top" to have a better idea of the source of the problem.
Apache, the httpd, is probably waiting on data from MySQL. You will need to tweak your MySQL settings to make it send out data in a more efficient manner.
All good advice so far. Another thing to check is your disk usage. High load is often a backlog of disk writes so if you run out of space for e.g., logs it can cause a load spike. Also, as secureax mentioned, there is some possibly unusual traffic there. Are you running iptables? If so, you can do some rate limiting and/or block some of those IP blocks in case you have a small DoS going on.
1. Check for attacks like DDoS or mass query.
2. Use APC cache (with nginx) or XCache with Apache.
3. Use a CDN; a CDN reduces the load and bandwidth considerably. Cloudflare is the best and free.
4. Use Minify for CSS, HTML, etc.
5. Reduce the concurrent connections of MySQL.
6. Check for features in your website which are not necessary and are consuming big resources.
7. Tell me the result after you finish with these steps.
Use the following command to check for connections to your machine; it may very well be a DDoS with all of those apache processes:
This is what I get
Try blocking this one: 80 208.109.106.214

There is nothing particularly unusual about the others, but 80 connections from one source is not normal.
He said "208.109.106.214 is me", so blocking (him/her)self wouldn't be the best idea. My advice would be to tweak, tweak and tweak. If you are not familiar with doing so, hire someone who is.
Ah, missed that! Nothing particularly unusual in (the rest of) the traffic. May well just be an overloaded server. I did note one post that said memory is freed up by restarting apache but load remains high. To track that down, look at anything that does disk writes.
Now this: it's a child process issue, still opening processes to close others, but opening so many there's no RAM to close any more? Look at all the connections from my server IP: 728 208.109.106.214
If you have a lot of outbound connections from port 80, your box may have been compromised. You can check the connections with this command:

netstat -tunap | grep 80

There are a few things that will legitimately use port 80 outbound, but you can safely block outbound port 80 and see what effect it has. If the load comes down and/or a lot of those connections go away, you need to check to see if you have:
- some widget that has gone spastic
- a spider got itself into an endless loop
- some code 'phoning home' (phishing, using you for a DoS, IRC)

Block 83.140.113.0/24 and see what happens.
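An added example, not part of any post in this thread: the raw per-IP counts above mix three different things, so this sketch splits `netstat -tunap` style lines into the server talking to itself, clients reaching local port 80, and connections the server opened to someone else's port 80, with the owning process for the last group. The function names `classify_conns` and `sample_netstat`, the documentation-range addresses and the `4242/perl` process are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): split netstat -tunap style lines into
# self / inbound-to-:80 / outbound-to-:80. All addresses below are constructed.

# classify_conns SERVER_IP   (netstat lines on stdin)
classify_conns() {
  awk -v me="$1" '
    function port(s,   a, n) { n = split(s, a, ":"); return a[n] }
    function addr(s) { sub(/:[0-9*]+$/, "", s); sub(/^::ffff:/, "", s); return s }
    $1 !~ /^tcp/ || $6 == "LISTEN" { next }      # skip headers, UDP, listeners
    {
      l = addr($4); r = addr($5)
      # Host talking to itself; netstat lists both ends, so these count double.
      if (r == me || r == l || r ~ /^127\./) { self++; next }
      if (port($4) == "80") {                    # a client reached our web server
        inbound++
        split(r, o, "."); net[o[1] "." o[2] "." o[3] ".0/24"]++
        next
      }
      if (port($5) == "80") { outbound++; who[$7]++ }   # we opened HTTP elsewhere
    }
    END {
      printf "self %d\ninbound %d\noutbound %d\n", self, inbound, outbound
      for (k in net) printf "inbound_net %s %d\n", k, net[k]
      for (k in who) printf "outbound_proc %s %d\n", k, who[k]
    }'
}

# Constructed sample in the layout shown in the first post (server = 192.0.2.10).
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address           State       PID/Program name
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:198.51.100.7:57663 ESTABLISHED 30900/httpd
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:198.51.100.9:56676 FIN_WAIT2   -
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:203.0.113.5:47098  ESTABLISHED 30854/httpd
tcp        0      0 192.0.2.10:41822       192.0.2.10:80             ESTABLISHED 31208/httpd
tcp        0      0 ::ffff:192.0.2.10:80   ::ffff:192.0.2.10:41822   ESTABLISHED 30882/httpd
tcp        0      0 192.0.2.10:50312       203.0.113.80:80           ESTABLISHED 4242/perl
tcp        0      0 :::80                  :::*                      LISTEN      30800/httpd
EOF
}

sample_netstat | classify_conns 192.0.2.10
```

On a live box, pipe `netstat -tunap` into `classify_conns` with the server's own address; a large `self` count points at something on the machine requesting its own pages, while `outbound_proc` names the process to inspect.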