DigitalOcean

Report this

What is the reason for this report?
Question

Weird spikey CPU load curve over 90 minutes

Posted on December 4, 2015
Monitoring
DigitalOcean
Ubuntu
4e3b97994aa14af2be3faa0a0b3ed8

By 4e3b97994aa14af2be3faa0a0b3ed8

Yesterday, I found my Asterisk server was getting hammered by someone trying to hack their way in. So I closed of ALL ports except ssh for my IP, and the IP of the server I peer too. Instant load reduction, all good.

But this afternoon, I noticed this very weirdly shaped CPU load graph - I don’t think it’s incoming packets getting blocked, otherwise the network traffic would be increased too, correct?

I checked all the logs - no logins, nothing in the error log… I’m baffled by the shape of it too! Screenshot: https://www.dropbox.com/s/5g8kl6nm95x1tqv/ScreenClip [6].png?dl=0



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Jonathan Tittle
Jonathan Tittle
December 4, 2015

@jonathan

It very well could be from repeated attempts to continue an attack where the previous left off. Even if a rule or set of rules is/are in place, that doesn’t mean that CPU, or resources in general, will not be used. If it is indeed an attack, in my experience (spanning ~15 years), only a handful only try once and call it a day. If someone is truly trying to get in, they’ll keep trying until a). they get bored or; b). they no longer see it as a fruitful event.

As for a potential increase in network usage, it really depends. In most cases, you would see a spike, though if we’re potentially looking at a small brute force attempt being repeated, perhaps not.

Beyond that, I would check top and check the value of wa, which would reference I/O. If that value is spiking, you may want to install something such as iotop (similar to top but specifically for io) and run it (like top, you’d simply run iotop from the CLI) to get a slightly more in-depth look at what is causing the IO to rise.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.