Dedicated server problem [RAM and APACHE]

Rider_

Good afternoon. For quite a few days now I have been having problems on my dedicated server, which I use for web and e-mail.

A few minutes after Apache starts, the RAM is used up and I end up with 500 sleeping processes; the server locks up and stops serving web requests.

I no longer know what else to do to solve the problem; I hope you can lend me a hand...

I attach the TOP output and the APACHE configuration:

Real memory: 15.57 GB total / 6.89 GB free / 6.81 GB cached
Swap space: 1 GB total / 1007.87 MB free

Process ID Owner Size Command

3048 mysql 1116452 kB /usr/sbin/mysqld --basedir=/usr --datadir=/home/mysql --user=mysql --pid-file=/v ...
3173 clamav 286224 kB /usr/sbin/clamd
8973 www-data 268808 kB /usr/sbin/apache2 -k start
9342 www-data 268740 kB /usr/sbin/apache2 -k start
8896 www-data 268732 kB /usr/sbin/apache2 -k start
8933 www-data 268732 kB /usr/sbin/apache2 -k start
8940 www-data 268732 kB /usr/sbin/apache2 -k start
9248 www-data 268732 kB /usr/sbin/apache2 -k start
9288 www-data 268732 kB /usr/sbin/apache2 -k start
9292 www-data 268732 kB /usr/sbin/apache2 -k start
9326 www-data 268732 kB /usr/sbin/apache2 -k start
8892 www-data 268708 kB /usr/sbin/apache2 -k start
9152 www-data 268700 kB /usr/sbin/apache2 -k start
9340 www-data 268692 kB /usr/sbin/apache2 -k start
9350 www-data 268692 kB /usr/sbin/apache2 -k start
8891 www-data 268664 kB /usr/sbin/apache2 -k start
9486 www-data 268664 kB /usr/sbin/apache2 -k start
9367 www-data 268620 kB /usr/sbin/apache2 -k start
8903 www-data 268524 kB /usr/sbin/apache2 -k start
9143 www-data 268524 kB /usr/sbin/apache2 -k start
9433 www-data 268524 kB /usr/sbin/apache2 -k start
9449 www-data 268524 kB /usr/sbin/apache2 -k start
9588 www-data 268524 kB /usr/sbin/apache2 -k start
9594 www-data 268524 kB /usr/sbin/apache2 -k start
9596 www-data 268524 kB /usr/sbin/apache2 -k start
9603 www-data 268524 kB /usr/sbin/apache2 -k start
9605 www-data 268524 kB /usr/sbin/apache2 -k start
9607 www-data 268524 kB /usr/sbin/apache2 -k start
9611 www-data 268524 kB /usr/sbin/apache2 -k start
9616 www-data 268524 kB /usr/sbin/apache2 -k start
9625 www-data 268524 kB /usr/sbin/apache2 -k start
9636 www-data 268524 kB /usr/sbin/apache2 -k start
8890 www-data 268348 kB /usr/sbin/apache2 -k start
9140 www-data 268348 kB /usr/sbin/apache2 -k start
9097 www-data 268344 kB /usr/sbin/apache2 -k start
9268 www-data 268344 kB /usr/sbin/apache2 -k start
9291 www-data 268344 kB /usr/sbin/apache2 -k start
9287 www-data 268340 kB /usr/sbin/apache2 -k start
9325 www-data 268340 kB /usr/sbin/apache2 -k start
9341 www-data 268340 kB /usr/sbin/apache2 -k start
9346 www-data 268340 kB /usr/sbin/apache2 -k start
8887 www-data 268336 kB /usr/sbin/apache2 -k start
8889 www-data 268336 kB /usr/sbin/apache2 -k start
8894 www-data 268336 kB /usr/sbin/apache2 -k start
8895 www-data 268336 kB /usr/sbin/apache2 -k start
8917 www-data 268336 kB /usr/sbin/apache2 -k start
8918 www-data 268336 kB /usr/sbin/apache2 -k start
8925 www-data 268336 kB /usr/sbin/apache2 -k start
8927 www-data 268336 kB /usr/sbin/apache2 -k start
8936 www-data 268336 kB /usr/sbin/apache2 -k start
8968 www-data 268336 kB /usr/sbin/apache2 -k start
8972 www-data 268336 kB /usr/sbin/apache2 -k start
8975 www-data 268336 kB /usr/sbin/apache2 -k start
8976 www-data 268336 kB /usr/sbin/apache2 -k start
8978 www-data 268336 kB /usr/sbin/apache2 -k start
9026 www-data 268336 kB /usr/sbin/apache2 -k start
9091 www-data 268336 kB /usr/sbin/apache2 -k start
9093 www-data 268336 kB /usr/sbin/apache2 -k start
9094 www-data 268336 kB /usr/sbin/apache2 -k start
9095 www-data 268336 kB /usr/sbin/apache2 -k start
9115 www-data 268336 kB /usr/sbin/apache2 -k start
9148 www-data 268336 kB /usr/sbin/apache2 -k start
9253 www-data 268336 kB /usr/sbin/apache2 -k start
9260 www-data 268336 kB /usr/sbin/apache2 -k start
9289 www-data 268336 kB /usr/sbin/apache2 -k start
9379 www-data 268336 kB /usr/sbin/apache2 -k start
9432 www-data 268336 kB /usr/sbin/apache2 -k start
9442 www-data 268336 kB /usr/sbin/apache2 -k start
9444 www-data 268336 kB /usr/sbin/apache2 -k start
9468 www-data 268336 kB /usr/sbin/apache2 -k start
9469 www-data 268336 kB /usr/sbin/apache2 -k start
9478 www-data 268336 kB /usr/sbin/apache2 -k start
9482 www-data 268336 kB /usr/sbin/apache2 -k start
9483 www-data 268336 kB /usr/sbin/apache2 -k start
9489 www-data 268336 kB /usr/sbin/apache2 -k start
9585 www-data 268336 kB /usr/sbin/apache2 -k start
9622 www-data 268336 kB /usr/sbin/apache2 -k start
9487 www-data 268324 kB /usr/sbin/apache2 -k start
9599 www-data 268324 kB /usr/sbin/apache2 -k start
9631 www-data 268324 kB /usr/sbin/apache2 -k start
9321 www-data 268308 kB /usr/sbin/apache2 -k start
9431 www-data 268296 kB /usr/sbin/apache2 -k start
9344 www-data 268292 kB /usr/sbin/apache2 -k start
8893 www-data 268288 kB /usr/sbin/apache2 -k start
8934 www-data 268288 kB /usr/sbin/apache2 -k start
8938 www-data 268288 kB /usr/sbin/apache2 -k start
8939 www-data 268288 kB /usr/sbin/apache2 -k start
8970 www-data 268288 kB /usr/sbin/apache2 -k start
8971 www-data 268288 kB /usr/sbin/apache2 -k start
8974 www-data 268288 kB /usr/sbin/apache2 -k start
9113 www-data 268288 kB /usr/sbin/apache2 -k start
9139 www-data 268288 kB /usr/sbin/apache2 -k start
9141 www-data 268288 kB /usr/sbin/apache2 -k start
9293 www-data 268288 kB /usr/sbin/apache2 -k start
9559 www-data 268288 kB /usr/sbin/apache2 -k start
9563 www-data 268288 kB /usr/sbin/apache2 -k start
9564 www-data 268288 kB /usr/sbin/apache2 -k start
9579 www-data 268288 kB /usr/sbin/apache2 -k start
9583 www-data 268288 kB /usr/sbin/apache2 -k start
9584 www-data 268288 kB /usr/sbin/apache2 -k start
9586 www-data 268288 kB /usr/sbin/apache2 -k start
9589 www-data 268288 kB /usr/sbin/apache2 -k start
9592 www-data 268288 kB /usr/sbin/apache2 -k start
9597 www-data 268288 kB /usr/sbin/apache2 -k start
9602 www-data 268288 kB /usr/sbin/apache2 -k start
9604 www-data 268288 kB /usr/sbin/apache2 -k start
9608 www-data 268288 kB /usr/sbin/apache2 -k start
9613 www-data 268288 kB /usr/sbin/apache2 -k start
9619 www-data 268288 kB /usr/sbin/apache2 -k start
9620 www-data 268288 kB /usr/sbin/apache2 -k start
9621 www-data 268288 kB /usr/sbin/apache2 -k start
9624 www-data 268288 kB /usr/sbin/apache2 -k start
9626 www-data 268288 kB /usr/sbin/apache2 -k start
9627 www-data 268288 kB /usr/sbin/apache2 -k start
9629 www-data 268288 kB /usr/sbin/apache2 -k start
9630 www-data 268288 kB /usr/sbin/apache2 -k start
9633 www-data 268288 kB /usr/sbin/apache2 -k start
9634 www-data 268288 kB /usr/sbin/apache2 -k start
9635 www-data 268288 kB /usr/sbin/apache2 -k start
9637 www-data 268288 kB /usr/sbin/apache2 -k start
9339 www-data 268284 kB /usr/sbin/apache2 -k start
8965 www-data 268280 kB /usr/sbin/apache2 -k start
8979 www-data 268280 kB /usr/sbin/apache2 -k start
9488 www-data 268280 kB /usr/sbin/apache2 -k start
9578 www-data 268280 kB /usr/sbin/apache2 -k start
9612 www-data 268280 kB /usr/sbin/apache2 -k start
8888 www-data 268156 kB /usr/sbin/apache2 -k start
8928 www-data 268156 kB /usr/sbin/apache2 -k start
8935 www-data 268156 kB /usr/sbin/apache2 -k start
8967 www-data 268156 kB /usr/sbin/apache2 -k start
9347 www-data 268156 kB /usr/sbin/apache2 -k start
9380 www-data 268156 kB /usr/sbin/apache2 -k start
9494 www-data 268156 kB /usr/sbin/apache2 -k start
9577 www-data 268156 kB /usr/sbin/apache2 -k start
9587 www-data 268156 kB /usr/sbin/apache2 -k start
9590 www-data 268156 kB /usr/sbin/apache2 -k start
9595 www-data 268156 kB /usr/sbin/apache2 -k start
9598 www-data 268156 kB /usr/sbin/apache2 -k start
9600 www-data 268156 kB /usr/sbin/apache2 -k start
9606 www-data 268156 kB /usr/sbin/apache2 -k start
9614 www-data 268156 kB /usr/sbin/apache2 -k start
9618 www-data 268156 kB /usr/sbin/apache2 -k start
9628 www-data 268156 kB /usr/sbin/apache2 -k start
9632 www-data 268156 kB /usr/sbin/apache2 -k start
9708 www-data 268156 kB /usr/sbin/apache2 -k start
8883 root 267236 kB /usr/sbin/apache2 -k start
8909 comatel 244848 kB /usr/bin/php5-cgi
9116 comatel 244384 kB /usr/bin/php5-cgi
9435 comatel 244384 kB /usr/bin/php5-cgi
9451 comatel 244384 kB /usr/bin/php5-cgi
9479 comatel 244384 kB /usr/bin/php5-cgi
9117 comatel 244360 kB /usr/bin/php5-cgi
9255 comatel 243300 kB /usr/bin/php5-cgi
8904 comatel 243020 kB /usr/bin/php5-cgi
8947 comatel 242544 kB /usr/bin/php5-cgi
9003 comatel 242544 kB /usr/bin/php5-cgi
9007 comatel 242544 kB /usr/bin/php5-cgi
8943 comatel 242532 kB /usr/bin/php5-cgi
8907 comatel 242336 kB /usr/bin/php5-cgi
9103 comatel 242336 kB /usr/bin/php5-cgi
9352 comatel 242336 kB /usr/bin/php5-cgi
9360 comatel 242336 kB /usr/bin/php5-cgi
8949 comatel 242252 kB /usr/bin/php5-cgi
8897 comatel 242080 kB /usr/bin/php5-cgi
8944 comatel 242080 kB /usr/bin/php5-cgi
8948 comatel 242080 kB /usr/bin/php5-cgi
9004 comatel 242080 kB /usr/bin/php5-cgi
9122 comatel 242080 kB /usr/bin/php5-cgi
9126 comatel 242080 kB /usr/bin/php5-cgi
9128 comatel 242080 kB /usr/bin/php5-cgi
9324 comatel 242080 kB /usr/bin/php5-cgi
8908 comatel 241520 kB /usr/bin/php5-cgi
8919 comatel 241520 kB /usr/bin/php5-cgi
9100 comatel 241008 kB /usr/bin/php5-cgi
9254 comatel 240976 kB /usr/bin/php5-cgi
9102 comatel 240940 kB /usr/bin/php5-cgi
9251 comatel 240768 kB /usr/bin/php5-cgi
9364 comatel 240768 kB /usr/bin/php5-cgi
9274 comatel 240752 kB /usr/bin/php5-cgi
9353 comatel 240752 kB /usr/bin/php5-cgi
9101 comatel 240740 kB /usr/bin/php5-cgi
9124 comatel 240740 kB /usr/bin/php5-cgi
9270 comatel 240740 kB /usr/bin/php5-cgi
9272 comatel 240740 kB /usr/bin/php5-cgi
9322 comatel 240740 kB /usr/bin/php5-cgi
9323 comatel 240740 kB /usr/bin/php5-cgi
9363 comatel 240740 kB /usr/bin/php5-cgi
9005 comatel 240684 kB /usr/bin/php5-cgi
8906 comatel 240596 kB /usr/bin/php5-cgi
9127 comatel 240596 kB /usr/bin/php5-cgi
9134 comatel 240596 kB /usr/bin/php5-cgi
9271 comatel 240596 kB /usr/bin/php5-cgi
9450 comatel 240544 kB /usr/bin/php5-cgi
9436 comatel 240312 kB /usr/bin/php5-cgi
8898 comatel 240288 kB /usr/bin/php5-cgi
8905 comatel 240288 kB /usr/bin/php5-cgi
8945 comatel 240288 kB /usr/bin/php5-cgi
8946 comatel 240288 kB /usr/bin/php5-cgi
9006 comatel 240288 kB /usr/bin/php5-cgi
9099 comatel 240288 kB /usr/bin/php5-cgi
9252 comatel 240288 kB /usr/bin/php5-cgi
9262 comatel 240288 kB /usr/bin/php5-cgi
9384 comatel 240288 kB /usr/bin/php5-cgi
9439 comatel 240288 kB /usr/bin/php5-cgi
9456 comatel 240288 kB /usr/bin/php5-cgi
9336 comatel 240264 kB /usr/bin/php5-cgi
9452 comatel 240264 kB /usr/bin/php5-cgi
9462 comatel 240264 kB /usr/bin/php5-cgi
9273 comatel 240216 kB /usr/bin/php5-cgi
9381 comatel 240204 kB /usr/bin/php5-cgi
2844 bind 221464 kB /usr/sbin/named -u bind
9455 comatel 218840 kB /usr/bin/php5-cgi
9264 comatel 215700 kB /usr/bin/php5-cgi
9351 comatel 214676 kB /usr/bin/php5-cgi
9283 comatel 212152 kB /usr/bin/php5-cgi
9333 comatel 211348 kB /usr/bin/php5-cgi
9650 comatel 209304 kB /usr/bin/php5-cgi
9567 comatel 208024 kB /usr/bin/php5-cgi
9569 comatel 208024 kB /usr/bin/php5-cgi
9570 comatel 208024 kB /usr/bin/php5-cgi
9572 comatel 208024 kB /usr/bin/php5-cgi
9574 comatel 208024 kB /usr/bin/php5-cgi
9580 comatel 208024 kB /usr/bin/php5-cgi
9688 comatel 208024 kB /usr/bin/php5-cgi
9696 comatel 208024 kB /usr/bin/php5-cgi
9697 comatel 208024 kB /usr/bin/php5-cgi
9713 comatel 208024 kB /usr/bin/php5-cgi
9737 comatel 208024 kB /usr/bin/php5-cgi
9651 comatel 207960 kB /usr/bin/php5-cgi
9571 comatel 207936 kB /usr/bin/php5-cgi
9566 comatel 206744 kB /usr/bin/php5-cgi
9565 comatel 205976 kB /usr/bin/php5-cgi
9568 comatel 205720 kB /usr/bin/php5-cgi
9591 comatel 205720 kB /usr/bin/php5-cgi
9649 comatel 205400 kB /usr/bin/php5-cgi
8885 www-data 196008 kB /usr/sbin/apache2 -k start
9002 masvoltaje 184936 kB /usr/bin/php5-cgi
9314 masvoltaje 184652 kB /usr/bin/php5-cgi
9190 masvoltaje 184640 kB /usr/bin/php5-cgi
9040 masvoltaje 183612 kB /usr/bin/php5-cgi
9146 masvoltaje 183612 kB /usr/bin/php5-cgi
9038 masvoltaje 181968 kB /usr/bin/php5-cgi
8901 masvoltaje 181740 kB /usr/bin/php5-cgi
9020 masvoltaje 177560 kB /usr/bin/php5-cgi
8995 masvoltaje 170084 kB /usr/bin/php5-cgi
9484 foroelectricidad 169336 kB /usr/bin/php5-cgi
9573 comatel 160796 kB /usr/bin/php5-cgi
9575 comatel 160796 kB /usr/bin/php5-cgi
9593 comatel 160796 kB /usr/bin/php5-cgi
9652 comatel 160796 kB /usr/bin/php5-cgi
9694 comatel 160796 kB /usr/bin/php5-cgi
9709 comatel 160796 kB /usr/bin/php5-cgi
9734 comatel 160524 kB /usr/bin/php5-cgi
9736 comatel 160520 kB /usr/bin/php5-cgi
9735 comatel 157372 kB /usr/bin/php5-cgi
9553 root 152060 kB /usr/share/webmin/virtual-server-theme/right.cgi
2837 root 131948 kB /usr/sbin/lwresd
9732 root 122484 kB /usr/share/webmin/proc/index_size.cgi
2470 root 120136 kB /usr/sbin/rsyslogd -c4
3149 root 118228 kB /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
3066 root 114688 kB /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/ ...
3143 root 114688 kB spamd child
3144 root 114688 kB spamd child
3126 postgres 100940 kB postgres: autovacuum launcher process
2890 postgres 100800 kB /usr/lib/postgresql/8.4/bin/postgres -D /var/lib/postgresql/8.4/main -c config_f ...
3124 postgres 100800 kB postgres: writer process
3125 postgres 100800 kB postgres: wal writer process
3458 proftpd 91880 kB proftpd: (accepting connections)
3145 root 78756 kB /usr/share/webmin/virtual-server/lookup-domain-daemon.pl
3331 root 75072 kB dovecot-auth
3338 root 74940 kB dovecot-auth -w
3138 root 72748 kB /usr/bin/perl /usr/share/usermin/miniserv.pl /etc/usermin/miniserv.conf
3127 postgres 72344 kB postgres: stats collector process
3171 root 70536 kB sshd: root@notty
3509 root 70536 kB sshd: root@notty
4260 root 70536 kB sshd: root@pts/0
2675 root 53644 kB /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
2854 root 53644 kB /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
2855 root 53644 kB /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
2856 root 53644 kB /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
2857 root 53644 kB /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
3343 list 53640 kB /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
2874 root 49220 kB /usr/sbin/sshd
3377 list 45428 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
3373 list 45132 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
3376 list 45096 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
3374 list 45068 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
3375 list 45048 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
3378 list 45048 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
3372 list 45044 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
3379 list 45044 kB /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
5661 postfix 41804 kB tlsmgr -l -t unix -u -c
3456 postfix 39440 kB qmgr -l -t fifo -u
3455 postfix 39284 kB pickup -l -t fifo -u -c
3329 root 39096 kB /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
3292 clamav 38588 kB /usr/bin/freshclam -d --quiet
3442 root 37220 kB /usr/lib/postfix/master
3355 dovecot 36964 kB imap-login
3356 dovecot 36964 kB imap-login
3357 dovecot 36964 kB imap-login
3352 dovecot 36952 kB pop3-login
3354 dovecot 36952 kB pop3-login
5181 dovecot 36952 kB pop3-login
4283 root 25176 kB -bash
3318 root 24064 kB /usr/sbin/cron
2863 messagebus 23308 kB /usr/bin/dbus-daemon --system
8553 root 19508 kB top
4321 root 19244 kB top
2560 daemon 18760 kB /usr/sbin/atd
9749 root 17548 kB sh -c ps --cols 2048 -eo user:80,ruser:80,group:80,rgroup:80,pid,ppid,pgid,pcpu, ...
1817 root 17176 kB udevd --daemon
3506 root 17172 kB udevd --daemon
3507 root 17172 kB udevd --daemon
9750 root 14860 kB ps --cols 2048 -eo user:80,ruser:80,group:80,rgroup:80,pid,ppid,pgid,pcpu,vsz,ni ...
2527 root 12844 kB /sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan - ...
3457 root 12512 kB /usr/lib/openssh/sftp-server
3837 root 12364 kB /usr/lib/openssh/sftp-server
2903 root 9184 kB /bin/sh /usr/bin/mysqld_safe
2568 root 9108 kB /usr/sbin/irqbalance
1 root 8396 kB init [2]
3496 root 5976 kB /sbin/getty 38400 tty1
3497 root 5976 kB /sbin/getty 38400 tty2
3498 root 5976 kB /sbin/getty 38400 tty3
3499 root 5976 kB /sbin/getty 38400 tty4
3500 root 5976 kB /sbin/getty 38400 tty5
3501 root 5976 kB /sbin/getty 38400 tty6
3049 root 3900 kB logger -t mysqld -p daemon.error
2 root 0 kB [kthreadd]
3 root 0 kB [ksoftirqd/0]
4 root 0 kB [kworker/0:0]
5 root 0 kB [kworker/u:0]
6 root 0 kB [migration/0]
7 root 0 kB [migration/1]
9 root 0 kB [ksoftirqd/1]
11 root 0 kB [migration/2]
12 root 0 kB [kworker/2:0]
13 root 0 kB [ksoftirqd/2]
14 root 0 kB [migration/3]
15 root 0 kB [kworker/3:0]
16 root 0 kB [ksoftirqd/3]
17 root 0 kB [cpuset]
18 root 0 kB [khelper]
19 root 0 kB [kdevtmpfs]
20 root 0 kB [netns]
409 root 0 kB [sync_supers]
411 root 0 kB [bdi-default]
412 root 0 kB [kintegrityd]
414 root 0 kB [kblockd]
527 root 0 kB [ata_sff]
537 root 0 kB [khubd]
544 root 0 kB [md]
645 root 0 kB [rpciod]
646 root 0 kB [kvm-irqfd-clean]
712 root 0 kB [kswapd0]
713 root 0 kB [ksmd]
714 root 0 kB [fsnotify_mark]
718 root 0 kB [nfsiod]
723 root 0 kB [jfsIO]
724 root 0 kB [jfsCommit]
725 root 0 kB [jfsCommit]
726 root 0 kB [jfsCommit]
727 root 0 kB [jfsCommit]
728 root 0 kB [jfsSync]
729 root 0 kB [xfs_mru_cache]
730 root 0 kB [xfslogd]
731 root 0 kB [xfsdatad]
732 root 0 kB [xfsconvertd]
733 root 0 kB [ocfs2_wq]
735 root 0 kB [user_dlm]
738 root 0 kB [glock_workqueue]
739 root 0 kB [delete_workqueu]
740 root 0 kB [gfs_recovery]
741 root 0 kB [crypto]
769 root 0 kB [kthrotld]
1332 root 0 kB [kworker/1:1]
1333 root 0 kB [kworker/2:1]
1334 root 0 kB [kworker/3:1]
1447 root 0 kB [iscsi_eh]
1456 root 0 kB [fc_exch_workque]
1457 root 0 kB [fc_rport_eq]
1458 root 0 kB [fcoethread/0]
1459 root 0 kB [fcoethread/1]
1460 root 0 kB [fcoethread/2]
1461 root 0 kB [fcoethread/3]
1495 root 0 kB [scsi_eh_0]
1498 root 0 kB [scsi_eh_1]
1501 root 0 kB [scsi_eh_2]
1504 root 0 kB [scsi_eh_3]
1507 root 0 kB [scsi_eh_4]
1510 root 0 kB [scsi_eh_5]
1517 root 0 kB [kworker/u:6]
1604 root 0 kB [kpsmoused]
1623 root 0 kB [dm_bufio_cache]
1624 root 0 kB [kdelayd]
1625 root 0 kB [kmpathd]
1626 root 0 kB [kmpath_handlerd]
1629 root 0 kB [edac-poller]
1760 root 0 kB [md2_raid1]
1764 root 0 kB [md1_raid1]
1766 root 0 kB [jbd2/md1-8]
1767 root 0 kB [ext4-dio-unwrit]
2193 root 0 kB [jbd2/md2-8]
2194 root 0 kB [ext4-dio-unwrit]
2395 root 0 kB [flush-9:2]
2396 root 0 kB [flush-9:1]
5946 root 0 kB [kworker/0:1]
7508 root 0 kB [kworker/1:2]
8969 www-data 0 kB [apache2] <defunct>
9179 root 0 kB [kworker/1:0]
9180 root 0 kB [kworker/1:3]
9188 root 0 kB [kworker/0:2]
9731 root 0 kB [miniserv.pl] <defunct>

APACHE CONFIGURATION:

#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
#  1. Directives that control the operation of the Apache server process as a
#     whole (the 'global environment').
#  2. Directives that define the parameters of the 'main' or 'default' server,
#     which responds to requests that aren't handled by a virtual host.
#     These directives also provide default values for the settings
#     of all virtual hosts.
#  3. Settings for virtual hosts, which allow Web requests to be sent to
#     different IP addresses or hostnames and have them handled by the
#     same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do not begin
# with "/", the value of ServerRoot is prepended -- so "foo.log"
# with ServerRoot set to "/etc/apache2" will be interpreted by the
# server as "/etc/apache2/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 30

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive off

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 1000

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
    StartServers 10
    MinSpareServers 10
    MaxSpareServers 20
    MaxClients 150
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
#              graceful restart. ThreadLimit can only be changed by stopping
#              and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
    StartServers 2
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxClients 150
    MaxRequestsPerChild 3000
</IfModule>

# event MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxRequestsPerChild 0
</IfModule>

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you do define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

# Include all the user configurations:
Include httpd.conf

# Include ports listing
Include ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/
NameVirtualHost 91.121.136.35:80
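
Added example, not part of the original post: a Python script that groups a process listing in the layout posted above by owner and executable, showing which account's php5-cgi pool is growing and how close the Apache worker count is to the prefork MaxClients value. The sample rows and the owner names siteA/siteB are constructed, and the size column is assumed to be per-process virtual size, so summed totals overstate real memory use because pages are shared.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the listing above:
# PID, owner, size in kB, command line. Owners siteA/siteB are placeholders.
SAMPLE = """\
3048 mysql 1116452 kB /usr/sbin/mysqld --basedir=/usr
8973 www-data 268808 kB /usr/sbin/apache2 -k start
9342 www-data 268740 kB /usr/sbin/apache2 -k start
8883 root 267236 kB /usr/sbin/apache2 -k start
8909 siteA 244848 kB /usr/bin/php5-cgi
9116 siteA 244384 kB /usr/bin/php5-cgi
9002 siteB 184936 kB /usr/bin/php5-cgi
8969 www-data 0 kB [apache2] <defunct>
2 root 0 kB [kthreadd]
not a process line
"""

# One row: "<pid> <owner> <size> kB <command...>"
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+kB\s+(.+?)\s*$")


def parse_rows(text):
    """Return (pid, owner, size_kb, command) for every line in the expected layout."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), int(m.group(3)), m.group(4)))
    return rows


def summarize(text):
    """Group userland processes by (owner, executable).

    Returns (table, zombies): table is sorted by process count, then total
    size; zombies is the number of <defunct> entries, counted separately
    because they hold no memory but indicate children that were not reaped.
    """
    groups = defaultdict(lambda: {"count": 0, "total_kb": 0, "max_kb": 0})
    zombies = 0
    for _pid, owner, size_kb, command in parse_rows(text):
        if command.endswith("<defunct>"):
            zombies += 1
            continue
        if command.startswith("["):  # kernel threads such as [kthreadd]
            continue
        exe = command.split()[0]
        g = groups[(owner, exe)]
        g["count"] += 1
        g["total_kb"] += size_kb
        g["max_kb"] = max(g["max_kb"], size_kb)
    table = [dict(owner=o, exe=e, **g) for (o, e), g in groups.items()]
    table.sort(key=lambda r: (-r["count"], -r["total_kb"]))
    return table, zombies


def pool_usage(table, exe, limit):
    """Count non-root workers of exe and return (workers, fraction of limit).

    With the prefork MPM the root-owned apache2 process is the parent, so it
    is excluded when comparing against MaxClients.
    """
    workers = sum(r["count"] for r in table if r["exe"] == exe and r["owner"] != "root")
    return workers, workers / limit


if __name__ == "__main__":
    table, zombies = summarize(SAMPLE)
    print(f"{'owner':<12}{'executable':<24}{'count':>6}{'total MB':>10}{'max MB':>8}")
    for r in table:
        print(f"{r['owner']:<12}{r['exe']:<24}{r['count']:>6}"
              f"{r['total_kb'] / 1024:>10.0f}{r['max_kb'] / 1024:>8.0f}")
    workers, frac = pool_usage(table, "/usr/sbin/apache2", 150)  # MaxClients 150
    print(f"apache2 workers: {workers} ({frac:.0%} of MaxClients), zombies: {zombies}")
```

A worker count sitting at MaxClients means new requests queue rather than being served, and a php5-cgi group far larger than the others identifies the virtual host whose access log should be examined first.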

Rider_

Here is more information about my system:

Operating system Debian Linux 6.0.6

Time on server 31/Ago/2013 18:00 , Up 0 hours, 25 minutes

Kernel and CPU Linux 3.2.13-grsec-xxxx-grs-ipv6-64 on x86_64

CPU load averages 12.02 (1 min) 12.09 (5 mins) 8.82 (15 mins)

Running processes 484

Real memory 15.57 GB total, 10.65 GB used

Virtual memory 1 GB total, 9.73 MB used

Local disk space 1.82 TB total, 309.25 GB used

LoB0

Good afternoon.

Can you post the Apache logs and the dmesg output?

#1 By Apache I mean the error.log.

Regards.

Rider_

Yes, of course, although it looks to me like this is down to some kind of attack being carried out against me.

apachetop shows me 240 connections to port 80.

The error.log shows this:

[Sun Aug 25 06:25:11 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:25:11 2013] [notice] Digest: done
[Sun Aug 25 06:25:11 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:25:23 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:25:26 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:25:26 2013] [notice] Digest: done
[Sun Aug 25 06:25:26 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 06:25:36 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:25:39 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:25:39 2013] [notice] Digest: done
[Sun Aug 25 06:25:39 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:25:43 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:25:46 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:25:46 2013] [notice] Digest: done
[Sun Aug 25 06:25:46 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:25:48 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:25:50 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:25:50 2013] [notice] Digest: done
[Sun Aug 25 06:25:51 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:25:53 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:25:57 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:25:57 2013] [notice] Digest: done
[Sun Aug 25 06:25:57 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:25:59 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:26:02 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:26:02 2013] [notice] Digest: done
[Sun Aug 25 06:26:02 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:26:04 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:26:07 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:26:07 2013] [notice] Digest: done
[Sun Aug 25 06:26:07 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:26:09 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:26:12 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:26:12 2013] [notice] Digest: done
[Sun Aug 25 06:26:12 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:26:14 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:26:15 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:26:15 2013] [notice] Digest: done
[Sun Aug 25 06:26:15 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Aug 25 06:26:19 2013] [notice] Graceful restart requested, doing restart
[Sun Aug 25 06:26:21 2013] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 25 06:26:21 2013] [notice] Digest: done
[Sun Aug 25 06:26:21 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 07:33:46 2013] [warn] mod_fcgid: process 25351 graceful kill fail, sending SIGKILL
[Sun Aug 25 07:44:33 2013] [warn] mod_fcgid: process 25358 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 07:57:20 2013] [warn] mod_fcgid: process 26647 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 07:58:08 2013] [warn] mod_fcgid: process 30050 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:08:13 2013] [warn] mod_fcgid: process 30881 graceful kill fail, sending SIGKILL
[Sun Aug 25 08:08:33 2013] [warn] mod_fcgid: process 31720 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:10:07 2013] [warn] mod_fcgid: process 31738 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:14:16 2013] [warn] mod_fcgid: process 32572 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:15:22 2013] [warn] mod_fcgid: process 32503 graceful kill fail, sending SIGKILL
[Sun Aug 25 08:17:15 2013] [warn] mod_fcgid: process 32687 graceful kill fail, sending SIGKILL
[Sun Aug 25 08:17:55 2013] [warn] mod_fcgid: process 904 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:28:37 2013] [warn] mod_fcgid: process 1092 graceful kill fail, sending SIGKILL
[Sun Aug 25 08:43:13 2013] [warn] mod_fcgid: process 3113 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:51:03 2013] [warn] mod_fcgid: process 5782 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 08:53:52 2013] [warn] mod_fcgid: process 3112 graceful kill fail, sending SIGKILL
[Sun Aug 25 08:55:51 2013] [warn] mod_fcgid: process 5947 graceful kill fail, sending SIGKILL
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
PHP Warning: Module 'suhosin' already loaded in Unknown on line 0
[Sun Aug 25 09:03:24 2013] [warn] mod_fcgid: process 6926 graceful kill fail, sending SIGKILL
[Sun Aug 25 09:04:24 2013] [warn] mod_fcgid: process 7965 graceful kill fail, sending SIGKILL
[Sun Aug 25 09:04:26 2013] [warn] mod_fcgid: process 7055 graceful kill fail, sending SIGKILL
[Sun Aug 25 09:05:17 2013] [warn] mod_fcgid: process 6892 graceful kill fail, sending SIGKILL

Rider_

But I think the problem may be an attack... Apache's server-status gives me this:

Apache Server Status for localhost

Server Version: Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze17 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o
Server Built: Mar 3 2013 12:09:44


Current Time: Saturday, 31-Aug-2013 19:49:51 CEST
Restart Time: Saturday, 31-Aug-2013 18:43:40 CEST
Parent Server Generation: 0
Server uptime: 1 hour 6 minutes 11 seconds
Total accesses: 20342 - Total Traffic: 89.0 MB
CPU Usage: u2.32 s1.01 cu0 cs0 - .0839% CPU load
5.12 requests/sec - 22.9 kB/second - 4587 B/request
210 requests currently being processed, 37 idle workers

WWWWWW_WWWWWWWWWWW_WW_WWW_WWWWW.WWWWW_WWWWWWW W_WWWWWWWW_WW
WW_WWWWWW_W_WWWWWWW_WWWWWWW_WWWWW_WWWWWW_WWWWW_CWW W_WWWWW_WWWWWW
WWWWWWWWWWW_WWWWWRWWWWWWCWWWW_WWWW_WW_WWWWWW_WWWWW WWWWWWWWWW_WWW
WWWW_WW_WW_WWWWWW_WWWWW__W_WWWWWWWWWWWWWW.WWWWWWWW WWWWWW._......

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process

Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
0-0 9127 0/541/541 _ 0.39 0 54066 0.0 0.74 0.74 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
1-0 12108 0/150/502 W 0.10 509 0 0.0 0.15 0.70 198.143.130.186 comatel.net GET /content/49/phoenix-contact-parte-enchufable-corriente-nomi
2-0 15529 0/16/500 W 0.02 414 0 0.0 0.01 12.45 198.143.130.186 comatel.net GET /content/38/solera-marco-para-superficie-y-empotrar-de-85x1
3-0 17071 0/1/522 W 0.00 19 0 0.0 0.00 0.92 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
4-0 15530 0/14/519 _ 0.02 2 191139 0.0 0.01 0.66 157.55.35.75 comatel.net GET /content/25/disano-sirio-kit-643-led-3x16w-cld-ctl-blanco-2
5-0 14656 0/15/557 _ 0.02 0 57074 0.0 0.01 0.90 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
6-0 15531 0/7/537 W 0.00 440 0 0.0 0.00 1.05 157.55.34.35 comatel.net GET /content/112/finder-rel%C3%A9-de-potencia-653190800300 HTTP
7-0 16382 0/5/503 W 0.00 25 0 0.0 0.01 0.95 66.249.75.221 masvoltaje.com GET /simatic-s7-1200/1228-simatic-s7-1200-entrada-analogica-sm-
8-0 15704 0/9/472 W 0.01 464 0 0.0 0.01 0.87 198.143.130.186 comatel.net GET /content/49/phoenix-contact-elemento-de-sirena-7-sonidos-24
9-0 17072 0/2/510 _ 0.00 0 18473 0.0 0.01 0.98 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
10-0 16865 0/5/520 W 0.00 12 0 0.0 0.01 0.89 183.247.169.6 comatel.net GET http://www.660it.com HTTP/1.1
11-0 16673 0/10/503 W 0.01 38 0 0.0 0.02 0.72 198.143.130.186 comatel.net GET /content/5/schneider-electric-det-fotoelec-fun-m18-dc3h-pro
12-0 16674 0/0/516 W 0.00 247 0 0.0 0.00 1.00 198.143.130.186 comatel.net GET /content/55/secom-fijo-sin-borde-50mm-gu-10-11w-blancolamp-
13-0 16866 0/15/503 W 0.01 5 0 0.0 0.10 1.13 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
14-0 15535 0/9/569 W 0.01 440 0 0.0 0.03 1.28 198.143.130.186 comatel.net GET /content/61/televes-integra-terminal-de-servicios-7675 HTTP
15-0 15536 0/4/537 W 0.00 5 0 0.0 0.00 1.56 198.143.130.186 comatel.net GET /content/25/disano-413-boreale-fl-1x58-cell-blanco-21491508
16-0 15146 0/12/467 W 0.01 315 0 0.0 0.01 1.15 198.143.130.186 comatel.net GET /content/5/schneider-electric-cabeza-conmut-multifijacion-k
17-0 15537 0/4/510 W 0.00 27 0 0.0 0.01 1.03 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
18-0 15538 0/13/534 W 0.01 9 0 0.0 0.09 0.95 198.143.130.186 comatel.net GET /content/35/gaestopas-derivacion-en-y-rqy-ad-2x425-1x545-ne
19-0 15539 0/13/328 _ 0.03 0 46062 0.0 0.01 0.53 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
20-0 17073 0/2/281 _ 0.00 0 18021 0.0 0.00 0.40 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
21-0 15540 0/8/392 W 0.00 11 0 0.0 0.01 0.59 183.247.169.6 comatel.net GET http://www.660it.com HTTP/1.1
22-0 12111 0/175/537 W 0.14 7 0 0.0 0.25 0.89 183.247.169.6 comatel.net GET http://www.660it.com HTTP/1.1
23-0 16505 0/7/375 _ 0.00 2 35044 0.0 0.00 0.77 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
24-0 13292 0/25/357 W 0.01 294 0 0.0 0.01 0.78 157.56.92.141 comatel.net GET /content/49/phoenix-contact-placa-de-circuito-impreso-para-
25-0 15542 0/8/430 W 0.00 47 0 0.0 0.01 0.71 88.19.80.161 masvoltaje.com GET /15_televes HTTP/1.1
26-0 12113 0/181/477 _ 0.15 0 23028 0.0 0.19 0.69 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
27-0 17074 0/1/651 W 0.00 18 0 0.0 0.00 28.29 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
28-0 13293 0/31/289 W 0.02 420 0 0.0 0.01 0.49 198.143.130.186 comatel.net GET /content/5/schneider-electric-disp-emision-tension-48v-60hz
29-0 15543 0/6/350 W 0.01 480 0 0.0 0.01 12.33 198.143.130.186 comatel.net GET /content/55/secom-enerfi-superficie-3x54wdifusor-prismatico
30-0 13320 0/30/122 _ 0.03 0 9012 0.0 0.03 0.33 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
31-0 17075 0/1/236 W 0.00 18 0 0.0 0.00 0.76 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
32-0 13881 0/14/38 W 0.02 63 0 0.0 0.04 0.08 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
33-0 16870 0/3/36 W 0.00 25 0 0.0 0.01 0.05 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
34-0 17076 0/1/41 W 0.00 17 0 0.0 0.00 0.08 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
35-0 13342 0/25/25 W 0.02 41 0 0.0 0.06 0.06 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
36-0 - 0/0/34 . 0.00 0 0 0.0 0.00 0.01 ::1 ns202074.ovh.net OPTIONS * HTTP/1.0
37-0 17167 0/0/32 W 0.00 2 0 0.0 0.00 0.10 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
38-0 13406 0/20/20 W 0.02 6 0 0.0 0.04 0.04 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
39-0 13407 0/31/31 W 0.02 5 0 0.0 0.05 0.05 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
40-0 15546 0/14/30 W 0.02 177 0 0.0 0.05 0.05 198.143.130.186 comatel.net GET /content/15/unex-77-canal-gris-ral7030-60x80-u23x-608077 HT
41-0 13409 0/63/63 W 0.04 105 0 0.0 0.06 0.06 198.143.130.186 comatel.net GET /content/5/schneider-electric-inv-ever-3p-ac3-440v-65a-220v
42-0 16388 0/7/45 _ 0.01 0 19031 0.0 0.00 0.08 183.247.169.6 comatel.net GET http://www.hs58.cn HTTP/1.1
43-0 15547 0/9/24 W 0.02 263 0 0.0 0.00 0.01 198.143.130.186 comatel.net GET /content/49/phoenix-contact-parte-enchufable-corriente-nomi
44-0 17077 0/2/34 W 0.00 10 0 0.0 0.00 0.02 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
45-0 16677 0/4/19 W 0.00 7 0 0.0 0.00 0.01 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
46-0 15548 0/15/45 W 0.02 48 0 0.0 0.01 0.03 198.143.130.186 comatel.net GET /content/108/cablofil-tapa-concavo-tcv-400-gc-cm223373 HTTP
47-0 13486 0/19/19 W 0.02 254 0 0.0 0.05 0.05 198.143.130.186 comatel.net GET /content/108/cablofil-ciega-bcl-50x50-gc-cm320203 HTTP/1.1
48-0 15549 0/10/29 W 0.00 250 0 0.0 0.02 0.04 198.143.130.186 comatel.net GET /content/49/phoenix-contact-sac-mr015-1162xb-1l-z-sco-14583
49-0 15707 0/7/20 W 0.01 10 0 0.0 0.00 0.01 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
50-0 15230 0/8/17 W 0.00 6 0 0.0 0.06 0.08 183.247.169.6 comatel.net GET http://www.hs58.cn HTTP/1.1
51-0 13513 0/46/46 _ 0.04 2 466593 0.0 0.02 0.02 198.143.130.186 comatel.net GET /content/3/siemens-5sh5025-5sh5025 HTTP/1.1
52-0 15551 0/8/29 W 0.01 390 0 0.0 0.01 0.04 198.143.130.186 comatel.net GET /content/5/schneider-electric-encoder-incr-d90-10kpts-5vdc-
53-0 16871 0/4/24 W 0.00 29 0 0.0 0.01 0.04 183.247.169.6 comatel.net GET http://www.660it.com HTTP/1.1
54-0 16390 0/10/36 W 0.00 25 0 0.0 0.02 0.08 157.55.33.98 comatel.net GET /content/38/solera-caja-para-distribuci%C3%B3n-de-120x140x5
55-0 15552 0/16/30 W 0.02 139 0 0.0 0.01 0.05 198.143.130.186 comatel.net GET /content/5/schneider-electric-fibra-optica-largo-alcance-xu
56-0 16872 0/3/24 W 0.00 34 0 0.0 0.00 0.05 210.4.15.98 comatel.net CONNECT mxs.mail.ru:25 HTTP/1.0
57-0 13559 0/17/17 W 0.01 464 0 0.0 2.35 2.35 198.143.130.186 comatel.net GET /content/112/finder-rel%C3%A9-subminiatura-322170482000 HTT
58-0 14853 0/8/38 W 0.02 42 0 0.0 0.00 0.10 198.143.130.186 comatel.net GET /content/49/phoenix-contact-carcasa-z%C3%B3calo-con-brida-l
59-0 16873 0/3/21 W 0.00 37 0 0.0 0.00 0.01 61.228.27.222 comatel.net CONNECT tw.edit.yahoo.com:443 HTTP/1.1
60-0 16391 0/8/29 _ 0.00 0 54073 0.0 0.01 0.02 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
61-0 15553 0/7/47 W 0.00 346 0 0.0 0.00 0.03 198.143.130.186 comatel.net GET /content/11/3m-ple-impresora-en-relieve-de-exterior-cinta-m
62-0 17078 0/1/18 W 0.00 16 0 0.0 0.00 0.04 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
63-0 16876 0/4/23 _ 0.00 0 25432 0.0 0.01 0.02 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
64-0 15708 0/12/26 W 0.01 56 0 0.0 0.01 0.02 198.143.130.186 comatel.net GET /content/49/phoenix-contact-carcasa-de-base-corriente-nomin
65-0 14242 0/17/39 W 0.02 7 0 0.0 0.03 0.08 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
66-0 15555 0/22/28 _ 0.03 0 54061 0.0 0.01 0.02 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
67-0 15556 0/12/61 W 0.03 62 0 0.0 0.00 0.03 198.143.130.186 comatel.net GET /content/5/schneider-electric-captador-10bar-m12-05-45v-716
68-0 15557 0/9/59 W 0.01 314 0 0.0 0.00 0.22 157.55.35.75 comatel.net GET /content/3/siemens-5su1654-6kk06-5su1654-6kk06 HTTP/1.0
69-0 15558 0/12/23 W 0.01 54 0 0.0 0.02 0.04 198.143.130.186 comatel.net GET /content/3/siemens-es24ry0060-0np40-es24ry0060-0np40?field_
70-0 16877 0/4/55 W 0.00 50 0 0.0 0.00 0.08 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
71-0 15712 0/13/49 W 0.02 58 0 0.0 0.02 0.04 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
72-0 16680 0/1/24 W 0.00 239 0 0.0 0.00 0.05 198.143.130.186 comatel.net GET /content/4/legrand-puntera-starfix-15mm2-037664?field_fabri
73-0 16878 0/5/25 _ 0.00 0 24028 0.0 0.03 0.06 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
74-0 13652 0/44/44 W 0.05 52 0 0.0 0.08 0.08 198.143.130.186 comatel.net GET /content/49/phoenix-contact-carcasa-de-base-corriente-nomin
75-0 13668 0/25/25 _ 0.04 0 64097 0.0 0.02 0.02 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
76-0 16879 0/0/46 W 0.00 181 0 0.0 0.00 0.02 198.143.130.186 comatel.net GET /content/49/phoenix-contact-cable-para-sensoresactuadores-3
77-0 14359 0/17/41 W 0.01 442 0 0.0 0.07 0.13 198.143.130.186 comatel.net GET /content/4/legrand-xl3-placa-dpx250630-020228 HTTP/1.1
78-0 16681 0/2/17 W 0.00 102 0 0.0 0.00 0.01 198.143.130.186 comatel.net GET /content/25/disano-alim-0908-master-ire-36w-230-240v-rgb-22
79-0 14173 0/7/19 W 0.01 258 0 0.0 0.00 0.01 66.249.75.18 comatel.net GET /content/106/fermax-marco-skyline-2v-s2-7332 HTTP/1.1
80-0 16880 0/2/15 W 0.00 44 0 0.0 0.00 0.02 120.32.220.252 comatel.net GET http://wp.qq.com/wpa/user/online_sta...ck=jQuery17200
81-0 13759 0/12/12 W 0.01 4 0 0.0 0.00 0.00 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
82-0 17168 0/0/31 W 0.02 1 0 0.0 0.00 0.03 183.247.169.6 comatel.net GET http://www.hs58.cn HTTP/1.1
83-0 17079 0/2/65 _ 0.00 0 34492 0.0 0.01 0.11 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
84-0 16511 0/4/21 W 0.01 15 0 0.0 0.00 0.01 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
85-0 16393 0/7/34 W 0.01 35 0 0.0 0.02 0.04 198.143.130.186 comatel.net GET /content/15/unex-78-%C3%A1ngulo-interior-blanco-ral9001-16x

AND SO ON AND SO FORTH

What are those strange web addresses of Chinese pages? Is it an attack?

DiSKuN

#5 Chinese URLs + lots of web hits = bad news xD

Block those IPs with iptables

You can also install the mod_security module for Apache, and it will prevent most attacks for you
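An added example, not part of the original posts: a small triage script for the server-status rows shown above. A request line whose target is an absolute URL for another host, or whose method is CONNECT, is the shape a client uses when talking to a forward proxy. The function names and the field positions (taken from the table header) are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage of mod_status rows for forward-proxy style requests.
# Column layout assumed from the table header on this page:
# Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request

# Sample rows: copied from the server-status dump above, except the last one,
# which is constructed (192.0.2.10 is a documentation address).
sample_rows() {
cat <<'EOF'
0-0 9127 0/541/541 _ 0.39 0 54066 0.0 0.74 0.74 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
1-0 12108 0/150/502 W 0.10 509 0 0.0 0.15 0.70 198.143.130.186 comatel.net GET /content/49/phoenix-contact-parte-enchufable-corriente-nomi
3-0 17071 0/1/522 W 0.00 19 0 0.0 0.00 0.92 115.28.7.146 comatel.net GET http://www.ffu8.com/ HTTP/1.1
5-0 14656 0/15/557 _ 0.02 0 57074 0.0 0.01 0.90 219.235.5.102 comatel.net GET http://www.vcfruit.com HTTP/1.1
7-0 16382 0/5/503 W 0.00 25 0 0.0 0.01 0.95 66.249.75.221 masvoltaje.com GET /simatic-s7-1200/1228-simatic-s7-1200-entrada-analogica-sm-
10-0 16865 0/5/520 W 0.00 12 0 0.0 0.01 0.89 183.247.169.6 comatel.net GET http://www.660it.com HTTP/1.1
36-0 - 0/0/34 . 0.00 0 0 0.0 0.00 0.01 ::1 ns202074.ovh.net OPTIONS * HTTP/1.0
42-0 16388 0/7/45 _ 0.01 0 19031 0.0 0.00 0.08 183.247.169.6 comatel.net GET http://www.hs58.cn HTTP/1.1
56-0 16872 0/3/24 W 0.00 34 0 0.0 0.00 0.05 210.4.15.98 comatel.net CONNECT mxs.mail.ru:25 HTTP/1.0
59-0 16873 0/3/21 W 0.00 37 0 0.0 0.00 0.01 61.228.27.222 comatel.net CONNECT tw.edit.yahoo.com:443 HTTP/1.1
90-0 17200 0/1/1 W 0.00 1 0 0.0 0.00 0.00 192.0.2.10 comatel.net GET http://www.comatel.net/ HTTP/1.1
EOF
}

# Print "kind client method target" for every worker row on stdin.
#   connect   : CONNECT method (tunnel request)
#   proxy-get : absolute-form target naming a host other than the vhost
#   origin    : everything else (a normal request for this site)
classify_rows() {
    awk '
    $1 ~ /^[0-9]+-[0-9]+$/ && NF >= 14 {
        client = $11; vhost = tolower($12); method = $13; target = $14
        kind = "origin"
        host = tolower(target)
        if (method == "CONNECT") {
            kind = "connect"
        } else if (host ~ "^https?://") {
            sub("^https?://", "", host)   # drop the scheme
            sub("[/:?].*$", "", host)     # drop port, path and query
            sub("^www[.]", "", host)
            sub("^www[.]", "", vhost)
            # An absolute URL for the site itself is a legitimate request.
            if (host != vhost) kind = "proxy-get"
        }
        print kind, client, method, target
    }'
}

# Count proxy-style requests per client, busiest first.
proxy_clients() {
    classify_rows |
    awk '$1 != "origin" { n[$2]++ } END { for (c in n) print n[c], c }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

sample_rows | proxy_clients
```

Whether such requests are actually relayed depends on the proxy configuration: with mod_proxy loaded, `ProxyRequests On` is the setting that makes Apache act as a forward proxy.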

Rider_

I get 630 connections with the command netstat -n |grep :80 |wc -l

Rider_

I'm seeing that I have several IPs with a huge number of connections:

these are the connected IPs:

root@ns202074: netstat -plan|grep :80 | awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -n
1
1 113.134.34.186
1 116.59.225.65
1 14.223.190.52
1 175.42.95.16
1 178.33.217.30
1 180.76.5.66
1 180.76.5.91
1 186.79.177.49
1 188.95.106.97
1 212.5.77.131
1 216.152.245.251
1 65.55.215.245
1 66.249.75.18
1 69.171.234.113
1 91.232.96.12
2 116.16.26.62
2 60.247.92.242
3 95.211.238.110
4 1.93.49.108
7 201.214.103.217
7 79.154.10.33
19 192.154.105.132
66 23.104.24.6
104 183.247.169.6
116 198.143.130.186
184 219.235.5.102
211 115.28.7.146

Attack?

DiSKuN

Those 200-odd ones don't smell right. With the geoip website you can see where they are from

115.28.7.146 --> China
219.235.5.102 --> China
198.143.130.186 --> USA
183.247.169.6 --> China

Also check that they aren't robots scanning the whole site. You can see that in the Apache logs, if I'm not mistaken

Rider_

After blocking all the suspicious IPs with more than 200 requests, and after everything worked correctly for 2 hours, I have lost access to the server; I can't get in via ssh, PuTTY or Virtualmin... I have rebooted several times and nothing... although the OVH manager shows that I have 520 sleeping processes.

DiSKuN

#10 run an nmap against your server and check whether port 22 is blocked for your IP

Rider_

I have access to the server again, everything is stable for now; when it goes down again I will post here what I observe

DiSKuN

#12 run another netstat together with watch to see the connections on port 80 in real time

watch -n 1 "netstat -plan | grep :80 | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -n"
