Ammu voilaah
asked on
HIGH CPU Utilization suddenly on EC2 Instance
Unusual High CPU CLoud watch alarm from my AWS Ec2 Instance. The Ec2 Instance consists of Magento 2 website and Wordpress websites. The Magento 2 site is loading very slow accessing when the server is UP. But the server goes down for every 30 mins approx. In the Apache Error log, it shows :
[Mon Mar 19 01:29:55.216115 2018] [lbmethod_heartbeat:notice ] [pid 2571] AH02282: No slotmem from mod_heartmonitor
[Mon Mar 19 01:30:01.432626 2018] [mpm_prefork:notice] [pid 2571] AH00163: Apache/2.4.27 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.32 configured -- resuming normal operations
[Mon Mar 19 01:30:01.432665 2018] [core:notice] [pid 2571] AH00094: Command line: '/usr/sbin/httpd'
[Mon Mar 19 01:35:45.104754 2018] [mpm_prefork:notice] [pid 2571] AH00169: caught SIGTERM, shutting down
[Mon Mar 19 01:37:03.874296 2018] [suexec:notice] [pid 2570] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
This unusual activity started on March 12th before that the server went down only once in a month. Any Idea on what causing this issue? Is it apache MPM prefork version or Magento codes? I don't know how to troubleshoot this.
[Mon Mar 19 01:29:55.216115 2018] [lbmethod_heartbeat:notice
[Mon Mar 19 01:30:01.432626 2018] [mpm_prefork:notice] [pid 2571] AH00163: Apache/2.4.27 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.32 configured -- resuming normal operations
[Mon Mar 19 01:30:01.432665 2018] [core:notice] [pid 2571] AH00094: Command line: '/usr/sbin/httpd'
[Mon Mar 19 01:35:45.104754 2018] [mpm_prefork:notice] [pid 2571] AH00169: caught SIGTERM, shutting down
[Mon Mar 19 01:37:03.874296 2018] [suexec:notice] [pid 2570] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
This unusual activity started on March 12th before that the server went down only once in a month. Any Idea on what causing this issue? Is it apache MPM prefork version or Magento codes? I don't know how to troubleshoot this.
To answer these questions requires access to many system logs.
And, if you're using Prefork + PHP, you're running an Apache Stack which is one of the highest resource usage possible configurations.
Before you go any further, change over to this approach.
1) Use mpm_event (lightest weight Apache MPM).
2) FPM PHP
3) HTTP2
4) SSL config which correctly implements Stapling + HSTS
Just doing these few items will dramatically reduce resource usage.
And, if you're using Prefork + PHP, you're running an Apache Stack which is one of the highest resource usage possible configurations.
Before you go any further, change over to this approach.
1) Use mpm_event (lightest weight Apache MPM).
2) FPM PHP
3) HTTP2
4) SSL config which correctly implements Stapling + HSTS
Just doing these few items will dramatically reduce resource usage.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://mediatemple.net/community/products/dv/204405434/how-to-uncover-malicious-code-malware-files).
In the end, it's a huge help to implement a web application firewall (WAF) in front of your web server to help mitigate these kinds of attacks. If you have a firewall that can give you some insight into the traffic heading to and from your server, you can check there for any indication of an attack as well.