Here’s a quick and dirty tips on how to find cause of heavy CPU resources usage on your Apache webserver (especially when running php scripts).
First you need to locate the Apache 2 “access.log” file. By default in Ubuntu, this file is located in “/var/logs/apache2” directory.
Then you need to run this command to find out which IP address accesses your website the most in a short time.
[code]
tail -10000 access.log| awk ‘{print $1}’ | sort | uniq -c |sort -n
[/code]
The output of the command should contain a list of IP addresses along with the number of hits it made in the last 10,000 access of your website
[code]
47 117.58.252.98
81 202.124.242.186
84 202.124.245.26
182 194.164.101.217
220 208.101.22.146
225 72.167.131.144
3946 93.135.xxx.xxx
[/code]
From here you can easily locate the offending ip address and proceed to block it from accessing your website further using .htaccess file or other blocking method.
Here is an example to block certain ip address from accessing your website using .htaccess file
[code]
deny from 93.135.xxx.xxx
Save .htaccess file in the root directory of your web server (example /var/www), and the ip address wont be available to access your site again.
Hope that would help you!