0

We have apache2 web server installed with php in fastcgi

Action application/x-httpd-php "/cgi-wrapper/fastcgi-wrapper"
<Location /cgi-wrapper/fastcgi-wrapper>
    Options +ExecCGI
    SetHandler fcgid-script
</Location>
<Location /cgi-wrapper/php-ssi-wrapper>
    Options +ExecCGI
    SetOutputFilter Includes
</Location>
SuexecUserGroup u4686 u4686
ScriptAlias /cgi-wrapper/ /var/www/xxx/

and a cgi wrapper script

#!/bin/bash 
. /usr/bin/php-cgi

and some kind of script is eating our memory and mysql cpu at 100%.

php-cgi does not have logging of executable name scripts. How can i directly find the name of bad .php script ?

dima.h
  • 145
  • 1
  • 6
  • 1
    How do you know it's one script and not just loads of requests to the web server? Can you post what diagnosis and investigation you've done so far. Also, how much memory your server has, output from free, CPU profile of the server, other installed software, what the website is (custom, wordpress, etc.). Basically - without more info the answer is 'investigate your performance issue'. – EightBitTony May 04 '12 at 08:50
  • @EightBitTony there was a breach in security from ftp side. some php scripts were changed and there is no way to detect what exactly files affected. there are more than 10 sites on hosting account so it is not the easy way to search for difference. – dima.h May 05 '12 at 05:28
  • Okay, if someone's breached the server, you should trash it and recover from known good backups. Hunting down stuff on a compromised server is like chasing your tail - futile. – EightBitTony May 05 '12 at 22:54

1 Answers1

0

I think I would start by logging some information in your wrapper script (such as PID, environment variables etc.) and then try to correlate this data to output from other tools such as top.

Oliver
  • 5,883
  • 23
  • 32