How to find cause of heavy usage on your Apache webserver

Posted by mypapit on 16 Nov 2008 in Computers, PHP, Server, Tips & Guides, security
advertisement logo

 

Here's a quick and dirty tips on how to find cause of heavy CPU resources usage on your Apache webserver (especially when running php scripts).

First you need to locate the Apache 2 "access.log" file. By default in Ubuntu, this file is located in "/var/logs/apache2" directory.

Then you need to run this command to find out which IP address accesses your website the most in a short time.

PLAIN TEXT
CODE:
  1. tail -10000 access.log| awk '{print $1}' | sort | uniq -c |sort -n

The output of the command should contain a list of IP addresses along with the number of hits it made in the last 10,000 access of your website

PLAIN TEXT
CODE:
  1. 47 117.58.252.98
  2.      81 202.124.242.186
  3.      84 202.124.245.26
  4.     182 194.164.101.217
  5.     220 208.101.22.146
  6.     225 72.167.131.144
  7.    3946 93.135.xxx.xxx

From here you can easily locate the offending ip address and proceed to block it from accessing your website further using .htaccess file or other blocking method.

Here is an example to block certain ip address from accessing your website using .htaccess file

PLAIN TEXT
CODE:
  1. <limit GET HEAD POST>
  2.  order deny,allow
  3.  deny from  93.135.xxx.xxx
  4. </limit>

Save .htaccess file in the root directory of your web server (example /var/www), and the ip address wont be available to access your site again.

Hope that would help you!

Bookmark this article
  • NewsVine
  • Netvouz
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Technorati
  • PDF
  • Digg
  • Facebook
  • Twitter
Tags: , , , ,

Keep updated with this website! : Subscribe to your email

Recommended Reading

3 smashing comments for this post.

  1. Matt Simmons Said:
    November 16th, 2008 at 11:05 pm

    That’s a cool bit of bash’ery there. My only suggestion might be to block the IP on your firewall instead of the apache config, which you’ve got to reboot the apache daemon for. An IP that’s abusive might be doing the same thing across the network. Before you blocked it anywhere, you should probably make sure it’s not valid traffic.

    Cool write up, thanks!

  2. Harith Said:
    November 16th, 2008 at 11:23 pm

    good info for me…maybe useful for linux share hosting user… ;)

  3. Colocation Dedicated Voip Said:
    June 29th, 2009 at 2:06 pm

    Excellent, thank you
    in the following ways to use cPanel servers

    tail -10000 /usr/local/apache/logs/access_log | awk ‘{print $1}’ | sort | uniq -c | sort -n

    Dedicated Colocation Voip Datacenter

Leave a Comment

Subscribe by email

Enter your Email

 

Read Planet Fakap!

Bad Behavior has blocked 2955 access attempts in the last 7 days.

HostGator coupons mypapit's Profile on Ping.sg