VPS disabled for exceeding the RAM — what to do?

A VPS, it is CentOS 6.7, VestaCP. 5 websites for VP, attendance 100 per day in total.
Today rose sharply feed the main memory first to 1GB and then swap to 1.4 GB. The server hosting turned off. They have never said they are obliged to notify. The reason is as said, a DDoS. I never went to sites that I told no one of his subordinates - 5 hours the server was down.

There are some tools of "self-control" backend linux systems, or at least Vesta, to avoid such "unexpected" moments? For example if the increased swap up to 1GB - limit future growth.
July 9th 19 at 11:20
8 answers
July 9th 19 at 11:22
July 9th 19 at 11:24
Zabbix, Nagios.
July 9th 19 at 11:26
I can see from Your server (or its IP) was disconnected due to a DDoS, and not because of RAM.
It is a common practice among webhosts, whose infrastructure is not sufficiently protected from network attacks because such overload affect the service quality of other customers (infrastructure all have in common).

You can configure the resource monitor to see what happened shortly before the server downtime, network/Qty pack/other resources.

Try to put in front of the site of some CDN service that will become a layer between the attacks and your site.
Try to buy a small VPS have DDoS protected provider and make it a frontend to the service. Or buy a bigger VPS to emigrirovat the entire service.
July 9th 19 at 11:28
I zhor memory was because of Apache. Dropped it in favor of nginx and more the problem is not repeated.
Generally read the logs.
Server unavailable I signaled Yandex.Metrics and internal service of the host (via SMS).
July 9th 19 at 11:30
If you DDoS then you need to start the server via the CDN
We should clarify that some CDNы (including CloudFlare) are banned in Russia sites that ban by IP, so that all the customers who come to your site via a blocked IP CNDа will see the plug on the lock.

But, of course, must be very lucky that Your site was hit on a blocked IP CNDа. - Carli commented on July 9th 19 at 11:33
July 9th 19 at 11:32
If it is DDoS, then:

To statit the host which has DDoS protection. For example, from the budget - have ruweb.net. The basic level included in the payment. Additional DDoS is and for the extra money and not expensive. Basic enough for many.

To analyze the logs. The attack was probably only at 1 site.
Scatter 5 sites in five small VDS. In extreme cases you will lose only the website.

Zhor memory depends on the architecture of your application. Perhaps you can configure the software to stop biting memory. But the server will still lie. But the host will not disable and you will control the process.

Outside control is conducted, for example, through Yandex Metrics. Inside the server - for example, using Zabbix.

Make failover IP on DNS. For example, zilore can.
But it will need a second server. For large guarantees from another hoster. Then from DDoS will be a kind of protection from accidents in the datacenter and the communication channels thereto.
July 9th 19 at 11:34
To get the fuck with this hosting.
Hoster sold resources, how much you consume it care should not.

Go to where the virtualization is based on KVM.

If turned off for a ddos (hardly ever, rather it was school-dos, which is a normal hoster does not pay attention), man cloudflare.
July 9th 19 at 11:36

Find more questions by tags Hosting