我在 Contabo 买了一个 vps,使用 ubuntu22,安装了 apache2、php、mariadb。有时 apache2 会占用我所有的内存。真的是全部。空闲时,实际上没有任何东西在运行。
图片中有一个 php 进程正在运行,但发生这种情况后,我立即停止了它并重新启动了 apache2,内存在 10 秒内再次达到 8gb。所以我认为这与问题无关,我去年在旧的 vps 上使用过这个 php 脚本。'
我一直启动 apache2,但它占用了 8GB 内存,然后就死机了。我把它关了,大约 30 分钟后又启动了它,一切正常。这是某种攻击吗?这是一个新的 vps,我不认为我是目标,可能是 IP 地址的前所有者。
系统日志:
May 12 18:34:57 vps postfix/smtpd[2489]: connect from unknown[80.91.95.233]
May 12 18:34:59 vps postfix/smtpd[2489]: disconnect from unknown[80.12.95.103] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 12 18:35:16 vps kernel: [ 3627.953580] systemd-resolve invoked oom-killer: gfp_mask=0x1100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
May 12 18:35:16 vps kernel: [ 3627.953622] CPU: 0 PID: 426 Comm: systemd-resolve Not tainted 5.15.0-71-generic #78-Ubuntu
May 12 18:35:16 vps kernel: [ 3627.953630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014
May 12 18:35:16 vps kernel: [ 3627.953636] Call Trace:
May 12 18:35:16 vps kernel: [ 3627.953642] <TASK>
May 12 18:35:16 vps kernel: [ 3627.953689] show_stack+0x52/0x5c
May 12 18:35:16 vps kernel: [ 3627.953746] dump_stack_lvl+0x4a/0x63
May 12 18:35:16 vps kernel: [ 3627.953766] dump_stack+0x10/0x16
May 12 18:35:16 vps kernel: [ 3627.953768] dump_header+0x53/0x228
May 12 18:35:16 vps kernel: [ 3627.953785] oom_kill_process.cold+0xb/0x10
May 12 18:35:16 vps kernel: [ 3627.953788] out_of_memory+0x106/0x2e0
May 12 18:35:16 vps kernel: [ 3627.953814] __alloc_pages_slowpath.constprop.0+0x9b7/0xa80
May 12 18:35:16 vps kernel: [ 3627.953827] __alloc_pages+0x311/0x330
May 12 18:35:16 vps kernel: [ 3627.953830] alloc_pages+0x9e/0x1e0
May 12 18:35:16 vps kernel: [ 3627.953836] __page_cache_alloc+0x7e/0x90
May 12 18:35:16 vps kernel: [ 3627.953838] pagecache_get_page+0x152/0x590
May 12 18:35:16 vps kernel: [ 3627.953841] ? page_cache_ra_unbounded+0x166/0x210
May 12 18:35:16 vps kernel: [ 3627.953847] filemap_fault+0x488/0xab0
May 12 18:35:16 vps kernel: [ 3627.953849] ? filemap_map_pages+0x309/0x400
May 12 18:35:16 vps kernel: [ 3627.953852] __do_fault+0x3c/0x120
May 12 18:35:16 vps kernel: [ 3627.953859] do_read_fault+0xeb/0x160
May 12 18:35:16 vps kernel: [ 3627.953862] do_fault+0xa0/0x2e0
May 12 18:35:16 vps kernel: [ 3627.953864] handle_pte_fault+0x1cd/0x240
May 12 18:35:16 vps kernel: [ 3627.953867] __handle_mm_fault+0x405/0x6f0
May 12 18:35:16 vps kernel: [ 3627.953871] handle_mm_fault+0xd8/0x2c0
May 12 18:35:16 vps kernel: [ 3627.953874] do_user_addr_fault+0x1c9/0x670
May 12 18:35:16 vps kernel: [ 3627.953889] exc_page_fault+0x77/0x170
May 12 18:35:16 vps kernel: [ 3627.953902] asm_exc_page_fault+0x27/0x30
May 12 18:35:16 vps kernel: [ 3627.953909] RIP: 0033:0x7f26b057d170
May 12 18:35:16 vps kernel: [ 3627.953944] Code: Unable to access opcode bytes at RIP 0x7f26b057d146.
May 12 18:35:16 vps kernel: [ 3627.953945] RSP: 002b:00007ffcc57c3dc8 EFLAGS: 00010202
May 12 18:35:16 vps kernel: [ 3627.953951] RAX: 0000000000000000 RBX: 00000000000001fa RCX: 0000000000000038
May 12 18:35:16 vps kernel: [ 3627.953956] RDX: 0000000000000040 RSI: 00000000000001fa RDI: 0000000000000000
May 12 18:35:16 vps kernel: [ 3627.953957] RBP: 00007ffcc57c3e30 R08: 0000000000000038 R09: 0000000000000003
May 12 18:35:16 vps kernel: [ 3627.953958] R10: 000056550016f418 R11: 0000000000000029 R12: 00000000000001fa
May 12 18:35:16 vps kernel: [ 3627.953960] R13: 00007ffcc57c3e2e R14: 000056550016f330 R15: 00007ffcc57c3e2f
May 12 18:35:16 vps kernel: [ 3627.953968] </TASK>
May 12 18:35:16 vps kernel: [ 3627.953972] Mem-Info:
May 12 18:35:16 vps kernel: [ 3627.953979] active_anon:222500 inactive_anon:1752915 isolated_anon:0
May 12 18:35:16 vps kernel: [ 3627.953979] active_file:82 inactive_file:20 isolated_file:0
May 12 18:35:16 vps kernel: [ 3627.953979] unevictable:0 dirty:0 writeback:0
May 12 18:35:16 vps kernel: [ 3627.953979] slab_reclaimable:9682 slab_unreclaimable:7289
May 12 18:35:16 vps kernel: [ 3627.953979] mapped:1332 shmem:1388 pagetables:9526 bounce:0
May 12 18:35:16 vps kernel: [ 3627.953979] kernel_misc_reclaimable:0
May 12 18:35:16 vps kernel: [ 3627.953979] free:25343 free_pcp:0 free_cma:0
May 12 18:35:16 vps kernel: [ 3627.953987] Node 0 active_anon:890000kB inactive_anon:7011660kB active_file:328kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5328kB dirty:0kB writeback:0kB shmem:5552kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:2928kB pagetables:38104kB all_unreclaimable? yes
May 12 18:35:16 vps kernel: [ 3627.953992] Node 0 DMA free:14336kB min:128kB low:160kB high:192kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
May 12 18:35:16 vps kernel: [ 3627.954001] lowmem_reserve[]: 0 2884 7862 7862 7862
May 12 18:35:16 vps kernel: [ 3627.954005] Node 0 DMA32 free:44528kB min:24744kB low:30928kB high:37112kB reserved_highatomic:0KB active_anon:20900kB inactive_anon:2940008kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:0kB present:3129192kB managed:3027340kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
May 12 18:35:16 vps kernel: [ 3627.954010] lowmem_reserve[]: 0 0 4978 4978 4978
May 12 18:35:16 vps kernel: [ 3627.954014] Node 0 Normal free:42508kB min:42708kB low:53384kB high:64060kB reserved_highatomic:0KB active_anon:868928kB inactive_anon:4071876kB active_file:616kB inactive_file:0kB unevictable:0kB writepending:0kB present:5242880kB managed:5097560kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
May 12 18:35:16 vps kernel: [ 3627.954018] lowmem_reserve[]: 0 0 0 0 0
May 12 18:35:16 vps kernel: [ 3627.954052] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (M) = 14336kB
May 12 18:35:16 vps kernel: [ 3627.954063] Node 0 DMA32: 116*4kB (UM) 116*8kB (UM) 53*16kB (UME) 40*32kB (UM) 18*64kB (UME) 9*128kB (UME) 3*256kB (UE) 7*512kB (UE) 14*1024kB (UME) 2*2048kB (ME) 4*4096kB (M) = 44992kB
May 12 18:35:16 vps kernel: [ 3627.954091] Node 0 Normal: 248*4kB (UME) 166*8kB (UME) 43*16kB (UME) 54*32kB (ME) 17*64kB (UME) 4*128kB (UME) 2*256kB (UE) 4*512kB (UME) 24*1024kB (UM) 5*2048kB (M) 0*4096kB = 43712kB
May 12 18:35:16 vps kernel: [ 3627.954116] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
May 12 18:35:16 vps kernel: [ 3627.954126] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
May 12 18:35:16 vps kernel: [ 3627.954128] 9887 total pagecache pages
May 12 18:35:16 vps kernel: [ 3627.954131] 8351 pages in swap cache
May 12 18:35:16 vps kernel: [ 3627.954132] Swap cache stats: add 4102800, delete 4094427, find 139028/194627
May 12 18:35:16 vps kernel: [ 3627.954134] Free swap = 0kB
May 12 18:35:16 vps kernel: [ 3627.954135] Total swap = 8388604kB
May 12 18:35:16 vps kernel: [ 3627.954136] 2097016 pages RAM
May 12 18:35:16 vps kernel: [ 3627.954137] 0 pages HighMem/MovableOnly
May 12 18:35:16 vps kernel: [ 3627.954137] 61951 pages reserved
May 12 18:35:16 vps kernel: [ 3627.954138] 0 pages hwpoisoned
May 12 18:35:16 vps kernel: [ 3627.954139] Tasks state (memory values in pages):
May 12 18:35:16 vps kernel: [ 3627.954139] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
May 12 18:35:16 vps kernel: [ 3627.954144] [ 255] 0 255 5855 661 77824 184 -250 systemd-journal
May 12 18:35:16 vps kernel: [ 3627.954152] [ 294] 0 294 6334 14 73728 390 -1000 systemd-udevd
May 12 18:35:16 vps kernel: [ 3627.954156] [ 415] 100 415 4030 40 69632 209 0 systemd-network
May 12 18:35:16 vps kernel: [ 3627.954159] [ 420] 102 420 22339 41 69632 173 0 systemd-timesyn
May 12 18:35:16 vps kernel: [ 3627.954161] [ 426] 101 426 6350 114 94208 917 0 systemd-resolve
May 12 18:35:16 vps kernel: [ 3627.954164] [ 428] 0 428 59972 55 90112 162 0 accounts-daemon
May 12 18:35:16 vps kernel: [ 3627.954166] [ 429] 0 429 2373 26 53248 38 0 cron
May 12 18:35:16 vps kernel: [ 3627.954168] [ 430] 103 430 2148 80 57344 92 -900 dbus-daemon
May 12 18:35:16 vps kernel: [ 3627.954171] [ 436] 0 436 20691 50 57344 40 0 irqbalance
May 12 18:35:16 vps kernel: [ 3627.954174] [ 437] 0 437 8845 54 102400 2103 0 networkd-dispat
May 12 18:35:16 vps kernel: [ 3627.954176] [ 438] 104 438 55601 89 81920 288 0 rsyslogd
May 12 18:35:16 vps kernel: [ 3627.954179] [ 439] 0 439 3836 100 69632 151 0 systemd-logind
May 12 18:35:16 vps kernel: [ 3627.954181] [ 460] 0 460 58622 82 94208 127 0 polkitd
May 12 18:35:16 vps kernel: [ 3627.954183] [ 469] 0 469 28087 128 114688 1904 0 unattended-upgr
May 12 18:35:16 vps kernel: [ 3627.954185] [ 479] 0 479 2193 12 53248 9 0 agetty
May 12 18:35:16 vps kernel: [ 3627.954188] [ 495] 0 495 3856 42 69632 367 -1000 sshd
May 12 18:35:16 vps kernel: [ 3627.954190] [ 522] 110 522 709199 147108 2666496 149316 0 mariadbd
May 12 18:35:16 vps kernel: [ 3627.954194] [ 604] 0 604 4307 100 77824 524 0 sshd
May 12 18:35:16 vps kernel: [ 3627.954196] [ 607] 0 607 4232 20 69632 348 0 systemd
May 12 18:35:16 vps kernel: [ 3627.954198] [ 608] 0 608 25829 189 90112 641 0 (sd-pam)
May 12 18:35:16 vps kernel: [ 3627.954200] [ 631] 0 631 1972 43 57344 253 0 sftp-server
May 12 18:35:16 vps kernel: [ 3627.954203] [ 661] 0 661 4301 1 77824 608 0 sshd
May 12 18:35:16 vps kernel: [ 3627.954205] [ 681] 0 681 2813 2 65536 402 0 bash
May 12 18:35:16 vps kernel: [ 3627.954207] [ 703] 0 703 579185 107661 4460544 421389 0 php
May 12 18:35:16 vps kernel: [ 3627.954210] [ 709] 0 709 4302 60 73728 551 0 sshd
May 12 18:35:16 vps kernel: [ 3627.954212] [ 729] 0 729 2813 57 61440 349 0 bash
May 12 18:35:16 vps kernel: [ 3627.954215] [ 1270] 0 1270 10305 15 73728 144 0 master
May 12 18:35:16 vps kernel: [ 3627.954217] [ 1271] 109 1271 10388 5 73728 160 0 pickup
May 12 18:35:16 vps kernel: [ 3627.954220] [ 1272] 109 1272 10435 0 73728 176 0 qmgr
May 12 18:35:16 vps kernel: [ 3627.954223] [ 1292] 109 1292 11830 15 86016 416 0 tlsmgr
May 12 18:35:16 vps kernel: [ 3627.954237] [ 1293] 109 1293 10387 30 69632 136 0 anvil
May 12 18:35:16 vps kernel: [ 3627.954240] [ 1517] 0 1517 4305 11 77824 599 0 sshd
May 12 18:35:16 vps kernel: [ 3627.954242] [ 1539] 0 1539 2492 42 57344 31 0 bash
May 12 18:35:16 vps kernel: [ 3627.954262] [ 1559] 0 1559 4306 95 69632 525 0 sshd
May 12 18:35:16 vps kernel: [ 3627.954264] [ 1580] 0 1580 1968 53 53248 248 0 sftp-server
May 12 18:35:16 vps kernel: [ 3627.954277] [ 1977] 109 1977 11983 68 81920 449 0 smtpd
May 12 18:35:16 vps kernel: [ 3627.954279] [ 2094] 0 2094 65540 897 221184 2044 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954281] [ 2095] 33 2095 65704 379 225280 2145 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954284] [ 2096] 33 2096 3367635 1704713 26697728 1506468 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954287] [ 2097] 33 2097 65705 240 225280 2131 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954289] [ 2098] 33 2098 65698 226 196608 2098 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954291] [ 2099] 33 2099 65706 291 225280 2135 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954293] [ 2108] 33 2108 65704 292 225280 2132 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954295] [ 2133] 33 2133 65705 279 225280 2132 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954297] [ 2134] 33 2134 65706 833 225280 2205 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954299] [ 2135] 33 2135 65704 278 225280 2133 0 apache2
May 12 18:35:16 vps kernel: [ 3627.954302] [ 2360] 0 2360 2972 406 61440 106 0 htop
May 12 18:35:16 vps kernel: [ 3627.954305] [ 2489] 109 2489 11983 64 86016 446 0 smtpd
May 12 18:35:16 vps kernel: [ 3627.954307] [ 2495] 109 2495 11983 447 90112 69 0 smtpd
May 12 18:35:16 vps kernel: [ 3627.954310] [ 2516] 0 2516 3231 13 57344 191 0 cron
May 12 18:35:16 vps kernel: [ 3627.954312] [ 2522] 0 2522 722 0 45056 25 0 sh
May 12 18:35:16 vps kernel: [ 3627.954314] [ 2524] 0 2524 3522 0 73728 215 0 sudo
May 12 18:35:16 vps kernel: [ 3627.954316] [ 2538] 0 2538 25069 16 98304 722 0 curl
May 12 18:35:16 vps kernel: [ 3627.954318] [ 2635] 0 2635 3231 196 57344 8 0 cron
May 12 18:35:16 vps kernel: [ 3627.954321] [ 2636] 0 2636 3231 196 57344 8 0 cron
May 12 18:35:16 vps kernel: [ 3627.954323] [ 2637] 0 2637 3231 196 57344 8 0 cron
May 12 18:35:16 vps kernel: [ 3627.954326] [ 2638] 0 2638 722 22 45056 0 0 sh
May 12 18:35:16 vps kernel: [ 3627.954328] [ 2639] 0 2639 3523 213 69632 0 0 sudo
May 12 18:35:16 vps kernel: [ 3627.954330] [ 2640] 0 2640 722 24 45056 0 0 sh
May 12 18:35:16 vps kernel: [ 3627.954332] [ 2641] 0 2641 3522 212 65536 0 0 sudo
May 12 18:35:16 vps kernel: [ 3627.954334] [ 2642] 0 2642 722 24 45056 0 0 sh
May 12 18:35:16 vps kernel: [ 3627.954336] [ 2643] 0 2643 3522 214 65536 0 0 sudo
May 12 18:35:16 vps kernel: [ 3627.954339] [ 2644] 0 2644 25069 738 94208 0 0 curl
May 12 18:35:16 vps kernel: [ 3627.954341] [ 2645] 0 2645 25069 739 98304 0 0 curl
May 12 18:35:16 vps kernel: [ 3627.954343] [ 2646] 0 2646 25069 738 90112 0 0 curl
May 12 18:35:16 vps kernel: [ 3627.954348] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/apache2.service,task=apache2,pid=2096,uid=33
May 12 18:35:16 vps kernel: [ 3627.954398] Out of memory: Killed process 2096 (apache2) total-vm:13470540kB, anon-rss:6815944kB, file-rss:0kB, shmem-rss:2908kB, UID:33 pgtables:26072kB oom_score_adj:0
May 12 18:35:16 vps postfix/smtpd[2495]: connect from unknown[80.94.95.203]
May 12 18:35:16 vps systemd[1]: apache2.service: A process of this unit has been killed by the OOM killer.
May 12 18:35:18 vps systemd[1]: apache2.service: Failed with result 'oom-kill'.
May 12 18:35:18 vps systemd[1]: apache2.service: Consumed 36.476s CPU time.
May 12 18:35:18 vps systemd[1]: system.slice: A process of this unit has been killed by the OOM killer.
May 12 18:35:18 vps postfix/smtpd[1977]: connect from unknown[141.98.10.121]
May 12 18:35:18 vps postfix/smtpd[1977]: disconnect from unknown[141.91.10.151] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 12 18:35:19 vps postfix/smtpd[2495]: disconnect from unknown[80.93.95.203] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 12 18:35:34 vps postfix/smtpd[2489]: connect from unknown[80.94.91.2
当时访问日志实际上是空的。所以我不确定那是什么,是不是某种攻击。
请告诉我是否应该附加更多日志或信息。
编辑:在 php.ini 中我更改了这些:
memory_limit = 1024M,
max_execution_time = -1
在 mariadb 配置中我更改了这些:
key_buffer_size = 256M
max_allowed_packet = 1024M
innodb_log_file_size = 1024M
innodb_buffer_pool_size = 1024M
(在 apache 设置中,我没有改变任何东西)