Here’s a quick and dirty tips on how to find cause of heavy CPU resources usage on your Apache webserver (especially when running php scripts).

First you need to locate the Apache 2 “access.log” file. By default in Ubuntu, this file is located in “/var/logs/apache2″ directory.

Then you need to run this command to find out which IP address accesses your website the most in a short time.

tail -10000 access.log| awk '{print $1}' | sort | uniq -c |sort -n

The output of the command should contain a list of IP addresses along with the number of hits it made in the last 10,000 access of your website

 47 117.58.252.98
     81 202.124.242.186
     84 202.124.245.26
    182 194.164.101.217
    220 208.101.22.146
    225 72.167.131.144
   3946 93.135.xxx.xxx

From here you can easily locate the offending ip address and proceed to block it from accessing your website further using .htaccess file or other blocking method.

Here is an example to block certain ip address from accessing your website using .htaccess file

<limit GET HEAD POST>
 order deny,allow
 deny from  93.135.xxx.xxx
</limit>

Save .htaccess file in the root directory of your web server (example /var/www), and the ip address wont be available to access your site again.

Hope that would help you!

Tags: apache, http, security, web server, webserver

Keep updated with the latest posts, be a part of over 1,000 subscribers! : Subscribe to your email