My CPU is at 100% and I don't know how to resolve this.

Posted on February 5, 2020

Hi all, I have a droplet used for hosting multiple websites, and recently my CPU has been at 100% constantly these past few days, and I have not touched the server for a while.

Installed are nginx, php, mysql, cron and docker.

I have used the top command and found there’s a process using a command called mh:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5208 82 20 0 855300 884 56 S 99.3 0.1 6:43.80 mh

I have tried rebooting the server, restarting cron, restarting docker, and killing the process, but it keeps coming back.

Has anyone got any idea what's happening or how to prevent this?

Appreciated




Hi,

I can’t learn much from your description, but there is a sample for you that once happened to me. Your server may be attacked, like DoS or CC. I think you’d better protect your server by using floating IP and try CloudFlare to avoid being that. And, change the password and the login port. Don't use 22 as the port.

Have a nice day.

Shiroka

Hello,

I think that the mh command is this MisterHouse Perl script here:

https://github.com/hollie/misterhouse

What I could suggest is running ps and checking out the full command:

sudo ps -aux | grep "mh"

That way you would be able to see the full command that is running rather than just the mh output.

Then you could go from there and decide if this is something that you need or not.

If you don’t need this service, you could remove it from your system.

Feel free to share the output of the ps command here.

Regards, Bobby
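A way to take the ps check above one step further, as an added example that is not part of the original answers: for a given PID it prints the binary path, full command line, working directory, owner UID, parent process, and whether the process belongs to a Docker container (Docker is installed on this droplet, and a process that returns after every kill is being restarted by its parent or its container). The function names `triage` and `container_of` are made up for this sketch, and it assumes a Linux `/proc` and Docker's default cgroup naming.

```shell
#!/bin/sh
# Added triage helper, not from the thread. Usage: sudo sh triage.sh <PID>

# Print the short Docker container ID named in a cgroup file, or "host".
# Matches cgroup v1 paths (".../docker/<64 hex>") and the systemd layout
# ("docker-<64 hex>.scope"); both are Docker defaults, assumed here.
container_of() {
    cid=$(grep -oE 'docker[-/][0-9a-f]{64}' "$1" 2>/dev/null | head -n1)
    if [ -n "$cid" ]; then
        # Skip the 7-character "docker/" or "docker-" prefix, keep 12 hex digits.
        printf '%s\n' "$cid" | cut -c8-19
    else
        echo "host"
    fi
}

# Summarise where a process came from, using only /proc and ps.
triage() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "no such process: $pid" >&2; return 1; }
    ppid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status")
    # A path ending in "(deleted)" means the binary was removed after launch.
    echo "exe:     $(readlink "/proc/$pid/exe" 2>/dev/null)"
    echo "cmdline: $(tr '\0' ' ' < "/proc/$pid/cmdline")"
    echo "cwd:     $(readlink "/proc/$pid/cwd" 2>/dev/null)"
    echo "uid:     $(awk '/^Uid:/ {print $2}' "/proc/$pid/status")"
    echo "parent:  $(ps -o pid=,comm= -p "$ppid" 2>/dev/null)"
    echo "runs in: $(container_of "/proc/$pid/cgroup")"
}

# Run only when a PID is given on the command line.
if [ $# -gt 0 ]; then
    triage "$1"
fi
```

If "runs in" shows a container ID, `docker ps --no-trunc` on the host tells you which container and image that is.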

CPU at 100% is most of the time caused by DDoS attacks. A good starting point would be to check your apache or nginx logs if using apache or nginx. Then install fail2ban and start banning IP addresses which are generating weird GET or POST requests.

First clear all your current logs and then start watching the logs to see what's generating fast logs, and you can initially ban them using ufw, then later use the log to generate a fail2ban regex which should block such cases in the future.
