PHP Processes

software development

#1

Hello, I’ve been noticing very slow speeds on some of my sub-domains, and my PHP scripts, so I asked the DH support, and this is what they said:

[quote]However, your user’s PHP processes are continually being killed off by
our process watcher for bypassing the memory and CPU restrictions we have
in effect. We have these precautions in place to prevent users from
crashing the web server and adversely affecting other users.

Please try to keep your memory usage under 50MB to prevent this from
happening. You may want to check into implementing some type of PHP
caching mechanism or accelerator. Also, moving your domains to separate
web users will help isolate any issues.[/quote]
I have an FTP user, with access to 2 domains, one, my main site, and the second subdomain, a wordpress blog. I have other FTP users, with access to other subdomains. But the main user is the one with the problems (says the support guy). My 2 sites that I have on this main user is a small site, with very little PHP, just a few php scripts, a phpbb forum with a few mods, and my other is a small wordpress blog. I don’t understand how these 2 php created scripts can slow down my PHP so much. I had this setup with my old host, and never had any problems with having a forum and a blog setup on the same user. I don’t really understand how a forum and a blog can kill my PHP usage, I don’t even think the forum and the blog combined equal 50 MB’s!

A little clarification would help, I just don’t understand really what is going on, maybe I am mis-understanding. My old host, which was a free host, never had this problem!

So I’ve been looking at the wiki, and saw this, and thought maybe someone is trying to hack my site or slow it down by doing something:
http://wiki.dreamhost.com/index.php/Finding_Causes_of_Heavy_Usage

This is what it says in the wiki:

[quote] Go to:

/home/user/logs/domain.com/http

where ‘user’ is your actual user and ‘domain.com’ is one of your domains - you’ll want to do this for each of the domains under your user. Enter this command to see the IPs hitting the domain the most:

tail -10000 access.log| awk ‘{print $1}’ | sort | uniq -c |sort -n
[/quote]
I’ve accessed the logs via FTP, but I don’t know where to type in that command? Do I type it through my SSH program??

Thanks a lot!


#2

[quote]Do I type it through my SSH program??

[/quote]

Yes.

This command will take the last 10,000 lines of your access.log (depending on how much usage your site has, this might in fact be the complete file), take the IP of each line, sort them, count how often they occur and then sort them again by that number.

So what you end up with could be this:

1 74.74.74.74 1 74.74.74.20 1 74.74.74.59 1 74.74.74.72 2 137.137.137.137 10 249.249.249.249


#3

Hello, thanks for the reply!

When I type in that command it says access log cannot be found, how do I navigate to the access long via my SSH program? I’m currently using Putty.

Thanks again.


#4

Assuming you’re in your home directory (reachable with “cd ~”), here is the path to the log directory:

cd logs/your.domain.com/http


#5

thanks so much, cd worked! i just have one more small question please…

My log says that almost 3500 connections from: 204.100.192.202

I do think this is somewhat strange, because my own IP doesn’t even have 500 connections! Do you think this could be an attempt to slow down and kill my PHP usage? 3500 is just too much I think.


#6

Well, you can find out what URL they were hitting by using

grep ‘204.100.192.202’ access.log

in the same directory. That will show all the lines with that IP in the file.

You can also use

grep ‘204.100.192.202’ access.log >~/ip-search.txt

To put it into a text file in your home directory, which you can then download and read offline.

If the only URL was, say, your guestbook, you know you’re dealing with a spammer. Otherwise, it might be a search engine spider…


#7

aha! it seems to be my proxy that this guy is targeting. i don’t think he is a spammer, most of the links lead to myspace videos, and runescape, but I will have to set some sort of limitation. This all makes sense now!

Thanks so much Arancaytar!