Causes of high load on VPS

Causes of high load on VPS

Author: HostZealot Team
2 min.

Due to an excessive increase in load, the virtual server can begin to "suffocate" - it simply will not have time to process all incoming requests and perform the assigned tasks. As a consequence, there will be delays in the server, and the loading speed of the site pages will decrease to unacceptable values. In this article, we will talk about what causes can provoke this, how to conduct an analysis to assess the load on the VPS server, and what are the ways to solve the problem.

Analyzing server performance

First of all, it is worth considering and eliminating the most obvious and natural reasons for the load on the VPS is consistently one hundred percent:

  1. A large increase in the number of visitors to the site. If the marketing strategy works, the number of visitors is sure to increase, and at the same time, the load on the server infrastructure increases. You can view information and statistics on traffic in any control panel, e.g. ISPmanager or cPanel. Both panels contain a toolkit for collecting statistical data, you just need to go to the section with the corresponding metrics.
  2. Poor optimization of the software. If services and utilities on the server are improperly configured, it may well provoke conflicts and glitches in the server, up to and including memory leaks.
  3. The malicious actions of hackers - DoS or DDoS attacks. In this case, malicious bots may well bring the server to a state of failure, making it impossible for bona fide visitors to access the site.

The natural growth of traffic from DDoS is quite easy to distinguish - in the case of a targeted attack, the number of visitors increases several times almost instantly. This is not the case with natural growth, because in this case, the graph of traffic growth will be smooth.

If the high load on the server is due to natural causes, the solution is one - to scale capacity. It is necessary to contact the hosting provider and negotiate to increase the hardware capacity of the server - CPU, RAM, etc.

NIX Utilities

The statistics section is built into almost all control panels, but sometimes this data is not enough for a more in-depth analysis of the server. The ideal tool in this regard is the *NIX utilities - to get detailed information about the server in real-time, you need to enter the top command into the console. Not all distributions contain this utility by default, so you may need to install it first. For Ubuntu the command will look like this:

$ sudo apt install top

You can run it with the same command

$ top

Now let's go over its main options, which may be useful to you when analyzing the server:

  • -v - find out the software version;
  • -b - in this mode the program will only output data and will not be available for entering interactive commands;
  • -c - show the path to the executable command files;
  • -H - activate output of the processes threads;
  • -i - to hide processes that do not use processor resources, it helps to sift out unnecessary things and reduce search time;
  • -o - a field to sort processes by;
  • -O - displays all available fields;
  • -p - tracks processes by PID, you can specify several at once;
  • -u -displays only processes run by a specified user.

After starting the utility you will see detailed statistics on the CPU and RAM load, the number of running processes, as well as information on the amount of free and occupied physical memory on the server. You can use the above buttons to activate the necessary options for filtering and monitoring processes.


Apache is software that hosts web servers. It is a link between the user and the server - as soon as a person visits a website page and makes a request, Apache comes into play - it finds the data it is looking for and sends them back to the user. The same principle works in the opposite direction.

One possible scenario for using Apache is to collect and analyze statistics on the load on the processor and other server components. But the main advantage of the webserver is that its modules can detect incorrectly running scripts which may also cause a high load on the server. A developer or a system administrator, if they have the necessary experience, will be able to debug them. For tracing it is necessary to use xdebug or xhprof extensions.

The Apache web server is well suited for hosting large projects and is compatible with CentOS, Debian, FreeBSD and any other servers. Thanks to the modular structure of the software at any time you can load individual elements, extending the standard functionality as needed. There are over 500 modules available for Apache. Popular web applications are often provided as modules for Apache - for example, ISPmanager and VDSmanager control panels.

The only nuance is that a certain level of IT literacy is required to work competently with Apache. At least the basics of basic programming and web server administration will be required.

Log files

Advanced administrators can use logs - files that log all events on the server. Log files can belong to categories of applications, events, services, and system, and each of these categories can in theory be the cause of increased load on VPS server. Typically, on Linux-like systems, logs are located in the /var/log directory. Here is some information about those logs that may be useful for you to determine the causes of increased load on the server:

  • /var/log/syslog or /var/log/messages - this contains the global system log, where records are kept starting from the first system start. Records are kept about the Linux kernel, various services, detected devices, network interfaces, etc.
  • /var/log/auth.log or /var/log/secure - records information about user authorization, both successful and unsuccessful attempts, specifying the authentication method.
  • /var/log/dmesg - Data on device drivers. This log is limited in size and when it has reached its limit, old messages will be overwritten by newer ones. With the --level= switch, the administrator can filter the data according to importance.
  • /var/log/boot.log - contains data about events that happen when the OS starts up. It may be useful for detecting hidden viruses in the autorun.
  • /var/log/cron - very useful report of the cron service, containing data about the executed commands and messages from those commands.
  • /var/log/faillog - Information about failed login attempts. Extremely useful for identifying threats, security holes, hacker attacks, and brute force attacks - especially if you do not have SSH authentication enabled. The faillog command is used to access the content.
  • var/log/kern.log - This contains messages from the kernel and warnings. They can be used when troubleshooting errors in modules that are built into the kernel system.
  • /var/log/maillog/ or /var/log/mail.log - information on the mail server.

Manually examining the logs is a painful but rewarding task, because in theory, it allows you to identify the smallest errors in order to eliminate them in the future and optimize the VPS.

causes of high load on vps

The main causes of server load

Let's consider one by one all the main and most common causes that can provoke an increased load on the server.

Incorrect configuration of web server restrictions

You can check if your limits are configured correctly by monitoring the values of MaxClients and MaxSpareServers. To see them, you need to enter the console command top, which we described in detail above.

You can calculate the optimal values with a simple formula:

MaxClients = M*0.8/H

Where M is the total amount of memory, and H is the amount of memory consumed by a single web process. The optimal values should not be higher than 10. You can use the appropriate Apache configuration file to limit this:

  • On Debian — /etc/apache2/apache2.conf;
  • On Centos — etc/httpd/conf/httpd.conf;
  • On FreeBSD — /usr/local/etc/apache22/extra/httpd-mpm.conf.

Setting values too low is also not worth it, otherwise, incoming and outgoing requests will not be able to run at a normal speed, or will be suspended at all. These files should be configured carefully while keeping in mind how many resources you have on your virtual server, and how to distribute them properly to optimize their performance.

To make it clearer, let's look at an example. Suppose we have a server with 16 GB of RAM. Two-thirds of the 16GB is 10.6GB. On average one process on a web server consumes about 40-60 MB of memory. We divide 10600 by 60 and get 176 Mb, round it down, and put in a value of 175. As a result, a block of a configuration file for Apache should look like this:

StartServers 5

MinSpareServers 5

MaxSpareServers 20

MaxClients 175

MaxRequestsPerChild 0

A little bit of explanation beforehand. The StartServers parameter specifies the number of child processes that are created when the server starts. MinSpareServers is the minimum number of unused child processes that are waiting for a potential request. MaxSpareServers is the same, only it is the maximum number of spare processes. The most important parameter here is MaxClients, this is the first one to pay attention to, because it defines the upper limit of simultaneously running processes.

Parameter MaxRequestsPerChild is worth mentioning separately: it sets the limit on the number of connections a child process can handle. It is very useful for memory leaks on the Apache server and its libraries. Usually specify 0, because other values can cause malfunction of the webserver.


A method that competitors or simply ill-wishers can use to spike the load on a particular server with one single goal - to bring it to failure and make the site inaccessible to users. Protecting yourself from DDoS can be done in different ways, but the simplest is to close all but three ports:

  • 80 (HTTP) and 443 (HTTPS) - these ports are used by visitors to your site.
  • SSH - it is used by the administrator, and it cannot become a vulnerability in case of DDoS, unless the hacker knows the number of this port. For this reason, it is advisable to reassign it from the standard 22 to some five-digit number such as 58941.

Simply put, you should make sure that only ports, protocols, or applications with which the administrator has provided access to the application or resources. You should also take care to implement three basic methods of DDoS protection: at the edge of the network, with a local cleaning center, and by redirecting traffic to the cloud.

Huge attendance at the project

A positive and quite natural reason - if your project is successfully growing and developing, the increase in visitors to the site will inevitably provoke an increase in server load, up to the appearance of performance problems. The solution is simple - to scale capacity, move to a more powerful VPS. If you have any questions, please contact HostZealot specialists and we will tell you everything you need to know in detail.

Sometimes high traffic can be caused by bots, which will not do you any good by increasing traffic but will consume a decent amount of resources. To protect VPS from them you can use robots.txt or .htaccess file.

Scripts not working properly

A suboptimal distribution of resources between the scripts may well cause delays and slow down the server, as we mentioned earlier. You can use the xdebug or xhprof extensions to monitor and debug "crooked" scripts. You can also install nginx in conjunction with APC.

MySQL creates load on storage

When there is not enough free space in the buffer to execute complex processes, the server will refer to the disk to place temporary files on it. To solve this problem you should increase the memory size allocated for temporary tables tmp_table_size and max_heap_table_size through the my.cnf settings file.

Try to set it to 32 MB and see how the Created_tmp_disk_tables variable behaves - the lower it is, the better.

MySQL creates load on CPU

In this case, the problem may be caused by problematic indexes or tables - you should check the logs and tables in phpMyAdmin.

The mail server creates the load

If your server is infected with malware, it can start sending spam to hundreds of different addresses, all at the expense of your server capacity. Here's what you should do:

  1. Check the outgoing email queue.
  2. Scan your system for viruses and other threats.
  3. Change all passwords to more complex ones.

It could also be that your users send a large number of emails on purpose, so this is also worth checking.

Tar and gzip creates the load

Incorrectly configured backups can cause a load on the server at the most inopportune times. To avoid such mishaps, you can disable or reconfigure the feature so that data is backed up during hours when the load on the site is minimal.

Unknown processes

The most unpredictable situation is when it is impossible to determine for sure what processes load the web server. This happens most often as a result of a hack, so you need to urgently take all measures to eliminate the threat and improve the security of the server:

  • check the file system for viruses;
  • examine the logs;
  • change all passwords to more complex ones;
  • check VPS for shells;
  • update CMS version on your VPS.

You can also contact the hosting administrator to get more detailed advice and help with the solution to your situation.

Related Articles