We post here updates related to our Linux shared and dedicated hosting services

Cause of Server CPU High Load Nailed Down

For the past few weeks our DirectAdmin server was experiencing a very high CPU load on a daily basis. Initially we thought it was caused by the ever-increasing problem of email spamming. Then we found that it was caused by a MySQL database. Yesterday we installed a diagnostic script on the server, and this script helped us pin down which database was causing the problem.

It turned out to be a database for a guestbook script that the site owner had installed and then stopped using. That was an advanced guestbook script that used a MySQL database to store the guestbook entries. However, the owner of the website did not remove the script and the database that was associated with it. This out-of-date script left the door open for hacking.

We removed the problematic script and its MySQL database last night. The server has been monitored since then and has been very stable. While we continue monitoring the server performance, we have the following suggestions for all site owners:

  1. Check all the third-party scripts you have installed on your website. Make sure they are up to date and if not, please upgrade to the latest version.
  2. If you are no longer using one of these third-party scripts, please remove it. Make sure you remove both the script folder and the MySQL database that is associated with it, if there is one.
  3. Do not set the permissions of any sub-folder in the public_html folder to 777. This means that anyone out there can upload to it, write into it and execute any files in it, which leaves the door wide open for hackers. If you do need to set the permissions of a sub-folder to 777 for testing purposes, remember to set it back to 755, which is the default folder setting that works for almost all scripts. Note that, if the script you are running is written in PHP rather than Perl/CGI, the default permission setting of 644 for most files and sub-folders is more than enough. If you need to set any upload folder to be writable, set it to 666 rather than 777.
  4. If you want to install any third-party script, we highly suggest that you do it using the script auto-installer that is available to you: Installatron for our DirectAdmin servers and Fantastico for our cPanel servers. Please learn more about these script installers by clicking here. The nice thing is that any third-party script you install through the auto-installer can be upgraded by simply clicking a link in the installer’s control panel, with no need to do anything manually. With a single mouse click, the installer automatically upgrades any script that was installed earlier through the installer.
  5. If you run a forum or blog script on your site, make sure you tighten its security. For example, ask your guests to register and log in before they can add comments or reply to any thread.
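
To check suggestion 3 on your own account, here is an added example that is not part of the original post: two shell functions that list every world-writable directory under a document root and reset each one to 755. The function names and the path you pass in are assumptions, the check covers any mode with the "other write" bit set (not only 777), and it relies on the find and stat tools found on Linux hosts.

```shell
#!/bin/sh
# Added example: audit a document root for world-writable directories.
# Assumption: the document root (for example your public_html folder)
# is passed as the first argument.

# Print "<octal mode> <path>" for every directory at or below $1 whose
# "other write" bit is set (777, 757, 773, ...), sorted by path.
list_world_writable_dirs() {
    # -perm -0002 matches any mode that includes write access for "other".
    find "$1" -type d -perm -0002 -exec stat -c '%a %n' {} + | sort -k2
}

# Reset every world-writable directory at or below $1 to 755 and print
# how many directories were changed.
reset_world_writable_dirs() {
    # The second -exec runs only when chmod succeeded, so each "x"
    # stands for one directory that was actually changed.
    n=$(find "$1" -type d -perm -0002 \
            -exec chmod 755 {} \; -exec printf x \; | wc -c)
    echo $((n))
}

# When run with a path, only report; resetting is a separate, explicit call.
[ "$#" -eq 0 ] || list_world_writable_dirs "$1"
```

Review the listed folders first, then call `reset_world_writable_dirs` on the same path once you know no script depends on the wider permissions.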

To ensure stable performance for our servers, we reserve the right to remove, without notice, any third-party script that is found to have been hacked. We will try our best to back up a copy of the script/database to be removed in case of a false alarm.