• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue High CPU usage and poor performance (MYSQL)

A

aromero

New Pleskian
Server operating system version
Ubuntu 20.04.2 LTS
Plesk version and microupdate number
18.0.58 #2
Hello, we're having some problems with the performance of the server. Right now, it looks like the CPU usage is almost at 100% all the time, and the process that is taking most of the usage is mysql:
1707734420572.png
As of today, we haven't figured out what to do in this case. We can't give more resources to the server since is already at it's maximum. Of course, this translates in poor performance on mysql databases aswell.

I've recently added this on the config file of mysql, but It didn't do much.
1707734371418.png
We need some help with this.
 

Attachments

  • 1707734179417.png
    1707734179417.png
    58.4 KB · Views: 4
  • 1707734417166.png
    1707734417166.png
    58.6 KB · Views: 4
What is the domain log, the mysql.log? We had to disable the mysql.log because it would grow way too fast.
 
e.G. Backend Plesk - Domains - Logs: you see time, ip, executed file - status of execution (200, 404..) and there you can look for strage execution with sql commands like create, select... and u can judge is it normal or not (likley php files are ued to exploit with adding "?BAD-COMMAND")
Or look at the different jounals at cli what Peter mentioned
 
One thing I've noticed is that after I enabled the mysql.log momentarily it increased 5GB in a matter of seconds, and checking the log the server is doing massive queries with thousands of IDs (Mostly PrestaShop queries). I'm inclined to think we (or some client) is getting attacked via PrestaShop queries.1707812369995.png
(Multiply that by infinite, basically)
 
aromero said:
I'm inclined to think we (or some client) is getting attacked via PrestaShop queries.
Click to expand...
Yes, that seems to be just right. You'll probably also see something like frequently repeated requests in the access_ssl_log of the site with changing parameters (...?<parameter>=...).
Quick fix: plesk bin ip_ban --ban <offending ip address here>,recidive

Or, if the attacks come from different sources, finde the top requestors:
cat access_ssl_log | awk '{print $1}' | sort -n | uniq -c | sort -n
Then ban them (but watchout that you do not ban your own server IP).
 
Might also a search engine crawler going through all your listing options. In that case you should probably not ban them if you still want to be found, but instead adjust the robots.txt and declare links to search pages as nofollow.
 
You must log in or register to reply here.

Similar threads

B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
152
Sebahat.hadzhi
Sebahat.hadzhi
G
Issue high CPU-usage ("/usr/bin/apach" "php-cgi" "php-fpm")
Replies
1
Views
2K
Peter Debik
P
C
Issue High CPU Usage postgres memory process
Replies
3
Views
964
Peter Debik
P
E
Issue Abnormal CPU usage and Apache crash
Replies
13
Views
3K
MartinT
M
randypetersen
Question After upgrade PHP-FPM has high cpu usage.
Replies
6
Views
9K
Peter Debik
P
Back
Top