Q: Hosting too many sites on Yosemite Server?
-
Jan 2, 2016 1:56 PMby scottl31,I can't find any evidence of a breach, which of course doesn't mean there isn't one. But I've gotten pretty good at finding clues to a breach.
One thing I notice is a lot of crawler activity in the logs, like from bing, google, and others. Could it be that they are all crawling multiple sites at once and causing intermittent overload?
Mysql isn't quite the latest. I went to install it, but had a problem, so I reverted from a backup as I didn't want the sites offline for too long.
I just think it's peculiar that the green dot next to some sites in server app goes off after a while (days), but the site still works or is on line.Could this just be an anomaly in the server app itself?
-
Jan 2, 2016 5:06 PMby MrHoffman,Ten or twenty pages crawled per second should not be noticeable on most any Mac, unless there's a serious configuration error with WordPress or its caching, or a problem with the system. Which is why you're here.
Check the web server logs for clues around what's going on. Console.app is usually a pretty good starting point for that. Also confirm that your system is not tossing hard disk errors or other problems, that you're not low on memory or storage, and I'd probably have a look through the Etrecheck report to see if there's anything odd installed.
You'll want to figure out what happened with the MySQL upgrade, too.
You have access to the system and its configuration. Time to start digging around...
-
Jan 2, 2016 7:48 PMby scottl31,Yes, I haven't found anything better than console for studying logs. And I do it every day as part of my days work, looking for any possible hacker activity. But I'm just not seeing anything wrong or anything to be even slightly suspicious of.
It's a 2.6ghz i5 with 16 gB ram and 197 GB available on HD. Seems OK to me. What do you think?
On the mysql update, I think I used a wrong package or a wrong item in the install.
I'm not familiar with the Etrecheck report. What is that and where do I find it?
Thanks!
-
Jan 3, 2016 1:42 AMby Leopardus,Etrecheck is a small utility which can be downloaded from www.etresoft.com. It was written and is maintained by a respected poster/member of the ASC and will display the configuration of your system, including software. It will tell you exactly what is loaded and running. The report is anonymous.
My apologies to MrHoffman, for meddling, just thought that the OP can do that in the meantime.
Leo
-
Jan 3, 2016 8:31 AMby MrHoffman,A dedicated i5-class box with 16 GB RAM and a decent amount of free disk space should probably be limited by your network uplink — well, assuming you're not using a gigabit-grade gonzo uplink — in terms of its theoretical performance. I've run some decently busy Drupal web sites on smaller boxes.
WordPress and most content management systems can be optimized by enabling or adding caching, this particularly if Activity Monitor or the command-line top command or other tools indicate high processor or disk I/O activity. (Caveat: I'm much more familiar with Drupal and don't run WordPress locally, and am not in a position to comment on the overhead that WordPress sites might expect to incur.)
MySQL can also have both reasonable settings and configurations, or can get itself into a tangle.
What happens here? If you have lots of available CPU and your network isn't saturated and there's disk bandwidth available and you are getting MySQL timeouts, database contention is then a reasonable suspect, as is a lack of caching. (The WordPress folks will undoubtedly know how to get some performance data and some database counts out of that software, too.)
After getting a baseline with Etrecheck for oddities or errors or such, and Activity Monitor or top for a glimpse at the load, and a trip through Console.app logs, the next step here is probably a discussion with the WordPress folks, and see if they have suggestions for optimizing that content management system, and suggestions around configuring MySQL and troubleshooting MySQL connectivity issues.
ps: Leopardus, thanks for posting the link, and definitely jump in with suggestions or alternatives.
-
Jan 3, 2016 12:15 PMby scottl31,So I found the Etrecheck and ran it last night. Here are the only warnings:
Other Apps: (What does this mean?)
[running] com.apple.DeviceManagement.postgres - No signature!
[loaded] com.apple.collabd.expire - No signature!
[loaded] com.apple.disks.smart.status - No signature!
[loaded] com.apple.salearn - No signature!
[loaded] com.apple.saupdate - No signature!
[running] com.apple.server.httpd - No signature!
[loaded] com.apple.server.v2.stats - No signature!
[running] com.apple.xpc.launchd.oneshot.0x10000000.Server - Invalid signature!
And:
Top Processes by CPU: (What does this mean?)
69% httpd(18)
13% mdworker(4)
7% mysqld
5% WindowServer
5% InterCheck
So I assumed the httpd(18) was for 18 sites hosted.
Then I ran it again a while ago and got this:
Top Processes by CPU: (What does this mean?)
110% httpd(23)
49% InterCheck
16% mysqld
6% kernel_task
6% WindowServer
Wondering about the (23). And then ran again just a few minutes ago and got this. In the two above, the httpd was in red, but nothing in red on the one below.
Top Processes by CPU: (What does this mean?)
5% WindowServer
3% fontd
1% kernel_task
1% ScreensharingAgent
1% screensharingd
Not sure what to make of the differences on the CPU processes.
I've tried caching plugins and never got what I expected to be the results.
-
Jan 3, 2016 1:38 PMby etresoft,Hello scottl31,
Don't worry about those failed signatures. I thought it would be a good idea to verify Apple's digital signatures, but it turns out they are virtually useless. It seems that Apple doesn't bother to sign everything and sometimes invalidates its own signatures, effectively rendering all of them pointless. A future update of EtreCheck will make signature checking optional.
The "(18)" and "(23)" in the processes section just refers to how how individual httpd processes were found. These may or may not correspond to the number of sites you are hosting.
I really would not recommending hosting websites on your own Mac. Get someone like Dreamhost to handle that for you.
-
Jan 3, 2016 2:36 PMby scottl31,Thanks for chiming in etresoft.
Ha! Yes, I agree we should be hosting with a hosting company. But my boss wants complete control of everything so he keeps it all in house, including the email.
But on the other side of the coin, what's the point of a full server with web, email, and all the other services if it's not recommended?
-
Jan 3, 2016 3:04 PMby scottl31,Are you saying to not use sophos at all, or just remove for another etrecheck? For now, here's the whole log with it still there. Also, not clear what you mean about the busy browser; there was no browser open on the machine when the test was run.
New Test: In this one, the only thing in red besides the invalid signatures is the mysql loading.
Hardware Information: (What does this mean?)
Mac mini (Late 2014)
[Click for Technical Specifications]
[Click for User Guide]
Mac mini - model: Macmini7,1
1 2.6 GHz Intel Core i5 CPU: 2-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n/ac
Video Information: (What does this mean?)
Intel Iris
Display 1280 x 1024 @ 60 Hz
System Software: (What does this mean?)
OS X Yosemite 10.10.5 (14F1509) - Time since boot: about one day
Disk Information: (What does this mean?)
APPLE SSD SM0256F disk0 : (251 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) /Volumes/Recovery HD [Recovery]: 650 MB (75 MB free)
[redacted] (disk1) / : 249.78 GB (197.79 GB free)
Core Storage: disk0s2 250.14 GB Online
USB Information: (What does this mean?)
Seagate BUP Slim Mac SL 1 TB
EFI (disk2s1) <not mounted> : 210 MB
S3_Backup (disk2s2) /Volumes/S3_Backup : 999.86 GB (692.54 GB free)
ASIX Elec. AX88179
Apple, Inc. IR Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Thunderbolt Information: (What does this mean?)
Apple Inc. thunderbolt_bus
Gatekeeper: (What does this mean?)
Mac App Store and identified developers
Kernel Extensions: (What does this mean?)
/Library/Extensions
[loaded] com.asix.driver.ax88179-178a (1.2.0 - SDK 10.9) [Click for support]
[not loaded] com.asix.driver.ax88772 (1.3.0 - SDK 10.9) [Click for support]
[loaded] com.sophos.kext.sav (9.4.50 - SDK 10.9) [Click for support]
[loaded] com.sophos.nke.swi (9.4.50 - SDK 10.9) [Click for support]
Startup Items: (What does this mean?)
MySQLCOM: Path: /Library/StartupItems/MySQLCOM
Startup items are obsolete in OS X Yosemite
Launch Agents: (What does this mean?)
[running] com.sophos.uiserver.plist [Click for support]
Launch Daemons: (What does this mean?)
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.bombich.ccchelper.plist [Click for support]
[running] com.mysql.mysql.plist [Click for support]
[running] com.sophos.common.servicemanager.plist [Click for support]
[loaded] homebrew.mxcl.php56.plist [Click for support]
User Launch Agents: (What does this mean?)
[loaded] com.google.keystone.agent.plist [Click for support]
User Login Items: (What does this mean?)
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
X-Assist Application Hidden (/Applications/X-Assist/X-Assist.app)
Other Apps: (What does this mean?)
[running] com.apple.DeviceManagement.postgres - No signature!
[loaded] com.apple.collabd.expire - No signature!
[loaded] com.apple.disks.smart.status - No signature!
[loaded] com.apple.salearn - No signature!
[loaded] com.apple.saupdate - No signature!
[running] com.apple.server.httpd - No signature!
[loaded] com.apple.server.v2.stats - No signature!
[running] com.apple.xpc.launchd.oneshot.0x10000000.Server - Invalid signature!
[running] com.etresoft.EtreCheck.121584
[running] com.ortabe.xassist.41496
[running] com.sophos.autoupdate
[running] com.sophos.configuration
[running] com.sophos.intercheck
[running] com.sophos.notification
[running] com.sophos.scan
[running] com.sophos.sxld
[running] com.sophos.webd
[running] org.amavis.amavisd
[loaded] org.amavis.amavisd_cleanup
[loaded] org.calendarserver.agent
[loaded] org.calendarserver.archive
[running] org.calendarserver.calendarserver
[loaded] org.calendarserver.relocate
[running] org.clamav.clamd
[running] org.clamav.freshclam
[running] org.dovecot.dovecotd
[loaded] org.dovecot.fts.update
[running] org.isc.named
[running] org.postfix.master.active
Internet Plug-ins: (What does this mean?)
FlashPlayer-10.6: Version: 20.0.0.267 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 20.0.0.267 - SDK 10.6 [Click for support]
Default Browser: Version: 600 - SDK 10.10
3rd Party Preference Panes: (What does this mean?)
Flash Player [Click for support]
MySQL [Click for support]
Time Machine: (What does this mean?)
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Server3: Disk size: 249.78 GB Disk used: 51.99 GB
Destinations:
Seagate Backup Plus Drive [Local]
Total size: 999.86 GB
Total number of backups: 83
Oldest backup: 5/8/15, 4:17 PM
Last backup: 1/3/16, 2:20 PM
Size of backup disk: Excellent
Backup size 999.86 GB > (Disk size 249.78 GB X 3)
Top Processes by CPU: (What does this mean?)
5% WindowServer
3% fontd
1% kernel_task
1% ScreensharingAgent
1% screensharingd
Top Processes by Memory: (What does this mean?)
1.04 GB kernel_task
508 MB mysqld
459 MB softwareupdated
328 MB clamd
229 MB InterCheck
Virtual Memory Information: (What does this mean?)
4.73 GB Free RAM
11.00 GB Used RAM (6.28 GB Cached)
0 B Swap Used
Diagnostics Information: (What does this mean?)
Jan 2, 2016, 09:25:15 AM Self test - passed
-
Jan 3, 2016 4:04 PMby MrHoffman,Remove all of Sophos. Test.
Any anti-virus is a very complex tool — and arguably indistinguishable from malware, in terms of how it hooks into a system — and complex add-on security tools can and do cause performance and stability problems, and you're running both an integrated and an add-on anti-virus tool here. When things get weird, disable and remove the AV, and re-test the configuration.
There's apparently a network bridge of some sort here, too — is that somehow in use here; in a network path somewhere relevant to the web access?
-
Jan 3, 2016 5:16 PMby etresoft,Hello again scottl31,
I agree with MrHoffman. Few Macs are used as web servers and very few of those run Sophos. There is no telling what kind of performance hit you will suffer from running Sophos on a server. If anything, in a server context, Sophos is likely to introduce more vulnerabilities than you would have otherwise.
Back in the day, I used to run a local web, mail, and MySQL server for testing and development. I tried OS X Server but really didn't like it at all. I found it easier to setup all the services I needed manually. I still have a few user tips posted from those days. Here is one for Installing MySQL on OS X that might fix your red MySQL issue. I say "might" because I never did any of this in an OS X Server context. I have no idea what kind of funky things Server is doing.
But to be clear, I don't recommend any of those User Tips anymore. If you want complete control of everything, then get a dedicated server from Dreamhost, DigitalOcean, or a dozen similar providers. They'll give you a bare box with nothing but Linux, root user, and ssh. You don't get more complete control than that. Apple may sell OS X Server, but Apple uses Linux for its servers, just like everyone else.
-
Jan 3, 2016 6:33 PMby scottl31,You both seem to not be keen on sophos. Should I just ditch it altogether? I only have it set to do a scan every day at 2:00 am.
I love to be able to manage a hosted dedicated server, but my boss just won't do it. Although he doesn't want to pay someone else, it's more that he wants it under his physical roof.
