执行 php-fpm 文件导致 CPU 使用率达到 100%

执行 php-fpm 文件导致 CPU 使用率达到 100%

我正在运行一个电子商务/LMS wordpress 网站,该网站配备 2 核 CPU、4G 内存和 4Gswap、100G 磁盘空间服务器以及 CentOS 网络管理面板。

今天,在从客户端收到几个 http 502 报告后,我突然注意到使用此命令执行了 14 个 php 文件,其中 2 个在 index.php(nginx)上,12 个在我的 wordfence wflogs php 文件(php-fpm)上watch -n1 "lsof | grep '\.php'"

重新启动 nginx 和 php-fpm 服务器后,执行的 php 文件就会消失,但重新连接到网站后,2 分钟内问题又会出现。

进一步调查后,我有自定义的 php-fpm74 php.ini 和 nginx.conf,我删除了它们并重新安装。问题仍然存在

每次重启后,前几次刷新时,我都可以看到所有 php 文件都被执行然后被删除,但刷新几次后,我会得到一个打开的 php 文件列表,其中有以下内容

nginx      1893          nobody   38r      REG              253,2        405       7357 /home/azc/public_html/index.php
nginx      1893          nobody   42r      REG              253,2       5543      93120 /home/azc/public_html/wp-cron.php
nginx      1894          nobody   38r      REG              253,2        405       7357 /home/azc/public_html/index.php
php-fpm    2784         azc    6u      REG              253,2         51      98078 /home/azc/public_html/wp-content/wflogs/ips.php
php-fpm    2784         azc    7u      REG              253,2        560      58362 /home/azc/public_html/wp-content/wflogs/config.php
php-fpm    2784         azc    8u      REG              253,2      40083      99496 /home/azc/public_html/wp-content/wflogs/attack-data.php
php-fpm    2784         azc    9u      REG              253,2      16502      29005 /home/azc/public_html/wp-content/wflogs/config-synced.php
php-fpm    2784         azc   10u      REG              253,2       5656     100459 /home/azc/public_html/wp-content/wflogs/config-livewaf.php
php-fpm    2784         azc   11u      REG              253,2    1402945      99209 /home/azc/public_html/wp-content/wflogs/config-transient.php

如果我多次重新连接到ctrl+shift+R我的网站,其中许多都没有关闭,然后服务器开始返回 502。我已经安装了 Aapache、PHP-CGI,但不幸的是我无法运行该网站,所以我决定专注于这个问题。

服务版本:

  • Centos 7
  • Nginx 1.22.1
  • PHP-FPM 7.4.32
  • WordPress 6.1.1
  • Wordfence 插件 7.8

站点 azc-fpm 配置

[azc]
listen = /opt/alt/php-fpm74/usr/var/sockets/azc.sock
listen.allowed_clients = 127.0.0.1

;listen.owner = "azc"
listen.group = "nobody"
listen.mode = 0660
user = "azc"
group = "azc"

request_slowlog_timeout = 15s
slowlog = /opt/alt/php-fpm74/usr/var/log/php-fpm-slowlog-azc.log

pm = ondemand
pm.max_children = 4
pm.max_requests = 4000
pm.process_idle_timeout = 15s

;listen.backlog = -1
;request_terminate_timeout = 0s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes

env[HOSTNAME] = $HOSTNAME
env[TMP] = /home/azc/tmp
env[TMPDIR] = /home/azc/tmp
env[TEMP] = /home/azc/tmp
env[PATH] = /usr/local/bin:/usr/bin:/bin

php-fpm.conf 本身(因为我正在运行 centos web 面板,它的 cwpsvc.conf)

[cwpsvc]
listen = /opt/alt/php-fpm74/usr/var/sockets/cwpsvc.sock
listen.owner = cwpsvc
listen.group = cwpsvc
listen.mode = 0640
user = cwpsvc
group = cwpsvc
;request_slowlog_timeout = 5s
;slowlog = /opt/alt/php-fpm74/usr/var/log/php-fpm-slowlog-cwpsvc.log
listen.allowed_clients = 127.0.0.1
pm = ondemand
pm.max_children = 25
pm.process_idle_timeout = 15s
;listen.backlog = -1
request_terminate_timeout = 0s
rlimit_files = 131073
rlimit_core = unlimited
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

网站 Nginx 配置

erver {
        listen x.x.x.x:443 ssl ;
        server_name azc.com  www.azc.com;
        root /home/azc/public_html;
        index index.php index.html index.htm;
        access_log /usr/local/apache/domlogs/azc.com.bytes bytes;
        access_log /usr/local/apache/domlogs/azc.com.log combined;
        error_log /usr/local/apache/domlogs/azc.com.error.log error;

        ssl_certificate      /etc/pki/tls/certs/azc.com.bundle;
        ssl_certificate_key  /etc/pki/tls/private/azc.com.key;
        ssl_protocols TLSv1.2;
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eN$
        ssl_prefer_server_ciphers   on;

        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 60m;

        location / {
                try_files $uri $uri/ /index.php?$args;
                add_header Strict-Transport-Security "max-age=31536000";
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options "nosniff" always;

                location ~.*\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
                        expires max;
                }

                location ~ [^/]\.php(/|$) {
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        if (!-f $document_root$fastcgi_script_name) {
                                return  404;
                        }

                        fastcgi_pass    unix:/opt/alt/php-fpm74/usr/var/sockets/azc.sock;
                        fastcgi_index   index.php;
                        include         /etc/nginx/fastcgi_params;
                }
        location ~* "/\.(htaccess|htpasswd)$" {deny all;return 404;}

        disable_symlinks if_not_owner from=/home/azc/public_html;

        location /.well-known/acme-challenge {
                default_type "text/plain";
                alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }

        location /.well-known/pki-validation {
                default_type "text/plain";
                alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }
}

网站的 PHP-FPM slowLog

[29-Nov-2022 09:12:23]  [pool azc] pid 20575
script_filename = /home/azc/public_html/wp-admin/admin-ajax.php
[0x00007f856ca13df0] curl_exec() /home/azc/public_html/wp-includes/class-requests.php:381
[0x00007f856ca13870] request() /home/azc/public_html/wp-includes/class-wp-http.php:395
[0x00007f856ca136e0] request() /home/azc/public_html/wp-includes/class-wp-http.php:633
[0x00007f856ca13640] get() /home/azc/public_html/wp-includes/http.php:162
[0x00007f856ca135b0] wp_remote_get() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/Engine/Preload/AbstractProcess.php:202
[0x00007f856ca13510] preload() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/Engine/Preload/AbstractProcess.php:159
[0x00007f856ca13480] maybe_preload() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/Engine/Preload/PartialProcess.php:41
[0x00007f856ca13420] task() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/classes/dependencies/wp-media/background-processing/wp-background-process.php:315
[0x00007f856ca13370] handle() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/classes/dependencies/wp-media/background-processing/wp-background-process.php:$
[0x00007f856ca13300] maybe_handle() /home/azc/public_html/wp-includes/class-wp-hook.php:308
[0x00007f856ca13220] apply_filters() /home/azc/public_html/wp-includes/class-wp-hook.php:332
[0x00007f856ca131b0] do_action() /home/azc/public_html/wp-includes/plugin.php:517
[0x00007f856ca130d0] do_action() /home/azc/public_html/wp-admin/admin-ajax.php:203

谢谢你的帮助

相关内容