Identify the Problem
# Quick overview
top -bn1 | head -20
# Sort by CPU usage
top -o %CPU
# More detailed view
htopFind the Offending Process
# Top CPU consumers
ps aux --sort=-%cpu | head -10
# CPU usage by process name
pidstat -u 5 3 # Sample every 5 seconds, 3 timesCommon Causes and Solutions
1. Runaway PHP Process
# Find PHP processes
ps aux | grep php
# Check PHP-FPM status
systemctl status php8.2-fpm
# Kill a specific stuck process
kill -9 PIDFix: Check for infinite loops, unoptimized database queries, or missing indexes.
2. Database Queries
# Check MySQL process list
mysql -e "SHOW PROCESSLIST;"
# Find slow queries
mysql -e "SHOW FULL PROCESSLIST;" | grep -v SleepFix: Add indexes, optimize queries, enable query caching.
3. Bot/Crawler Traffic
# Check web server access logs for high-frequency IPs
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -20Fix: Block abusive IPs with a firewall or use rate limiting.
4. Cryptocurrency Mining Malware
# Check for suspicious processes
top -bn1 | grep -E "(xmrig|minerd|cryptonight)"
# Check crontabs
crontab -l
ls -la /etc/cron.d/Fix: Kill the process, remove from crontab, check for compromised accounts, change all passwords.
Long-Term Monitoring
# Install sysstat for historical data
sudo apt install -y sysstat
# View CPU history
sar -u 1 10 # 10 samples, 1 second apart
# View historical data
sar -u -f /var/log/sysstat/sa$(date +%d -d yesterday)