Identifying the Cause
# Quick overview
uptime
# Load average above your CPU count = overloaded
# Find CPU-hungry processes
top -b -n 1 | head -20
# Sort by CPU in htop
htop # Press F6, select PERCENT_CPU
Common Causes
- Runaway process — a script or application stuck in a loop
- High traffic — web server handling too many requests
- Database queries — unoptimized queries consuming CPU
- Malware — cryptocurrency miners are common on compromised servers
Investigation Steps
# Check what a process is doing
strace -p PID -c # System call summary
# Check process details
ls -la /proc/PID/exe # What binary is running
cat /proc/PID/cmdline | tr '\0' ' ' # Full command line
# Per-CPU breakdown
mpstat -P ALL 1 5
# Check for cryptocurrency miners
ps aux | grep -iE "xmrig|minerd|cryptonight"
Immediate Remediation
# Lower process priority
renice -n 19 -p PID
# Limit CPU usage with cgroups
sudo apt install -y cgroup-tools
sudo cgcreate -g cpu:/limited
echo 50000 | sudo tee /sys/fs/cgroup/cpu/limited/cpu.cfs_quota_us
sudo cgclassify -g cpu:/limited PID
# Kill the process if necessary
kill -TERM PID
# If unresponsive after 10 seconds:
kill -9 PID