0

We have apache2 web server installed with php in fastcgi

Action application/x-httpd-php "/cgi-wrapper/fastcgi-wrapper" <Location /cgi-wrapper/fastcgi-wrapper> Options +ExecCGI SetHandler fcgid-script </Location> <Location /cgi-wrapper/php-ssi-wrapper> Options +ExecCGI SetOutputFilter Includes </Location> SuexecUserGroup u4686 u4686 ScriptAlias /cgi-wrapper/ /var/www/xxx/ 

and a cgi wrapper script

#!/bin/bash . /usr/bin/php-cgi 

and some kind of script is eating our memory and mysql cpu at 100%.

php-cgi does not have logging of executable name scripts. How can i directly find the name of bad .php script ?

3
  • 1
    How do you know it's one script and not just loads of requests to the web server? Can you post what diagnosis and investigation you've done so far. Also, how much memory your server has, output from free, CPU profile of the server, other installed software, what the website is (custom, wordpress, etc.). Basically - without more info the answer is 'investigate your performance issue'. Commented May 4, 2012 at 8:50
  • @EightBitTony there was a breach in security from ftp side. some php scripts were changed and there is no way to detect what exactly files affected. there are more than 10 sites on hosting account so it is not the easy way to search for difference. Commented May 5, 2012 at 5:28
  • Okay, if someone's breached the server, you should trash it and recover from known good backups. Hunting down stuff on a compromised server is like chasing your tail - futile. Commented May 5, 2012 at 22:54

1 Answer 1

0

I think I would start by logging some information in your wrapper script (such as PID, environment variables etc.) and then try to correlate this data to output from other tools such as top.

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.