0

My server OS is centOS. I use Apache for httpd. Every site runs PHP by own user.

One of my sites (let's say that 504domain.com) gives 504 gateway error constantly. Restarting Apache makes the site available for a day. Rarely all the other sites affected by this 504. When 504 happens SSH connection works normally which means it's not a DDoS.

When I htop, I see php-fpm pool processes are running and stopping from all sites by their own user which is normal. But 6 process of 504domain.com php-fpm are running non stop. If I stop httpd, all php-fpm processes are gone as expected but after I restart httpd all 6 processes of 504domain.com are coming back.

Do you thing the site malicious code? How can I find which script is looping?

borayeris
  • 213
  • 1
  • 9
  • Most likely it is something bad in your website, and you should re-install the server from a good known backup. – Tero Kilkanen Nov 01 '18 at 07:27
  • @TeroKilkanen website or server? – borayeris Nov 01 '18 at 12:56
  • Can be both. Common scenario is that your website has had some exploitable vulnerability, and it has been used to compromise your server. The easiest and safest way of action is to deploy a fresh server from known good backups. – Tero Kilkanen Nov 02 '18 at 22:21

0 Answers0