I’ve been battling with DDoS attack for the past couple of weeks although I have Cloudflare to help me navigate through it.
However, it seems like the initial attack managed to hit the server before Cloudflare start blocking it. As a result, the load is super high like 50 and the only way to bring it down is to restart PHP-FPM.
The other issue of high load that I’m facing is during sending newsletter to 5000 subscribers using mailster.
There are of course many cases that lead to high load and we should investigate it. However, this temporary relief help us to get past through it.

Time and time again whenever we had a DDoS or stuck process with the PHP Process, instead of rebooting the server, restarting the PHP-FPM does the job.
So that is the sole purpose of this script.
It will check the load of the VPS over the last 15 minutes, then execute stop start PHP-FPM services.
Just to be aware that I’m running on Runcloud so the service name is different. Nevertheless, script is below.
#!/usr/bin/bash
LOAD=`uptime |awk '{print $NF}'`
if [ $LOAD -gt 10 ] //10 is load average on 15 minutes
then
systemctl stop php74rc-fpm
sleep 1m
systemctl start php74rc-fpm
fi
Then add to your crontab. crontab -e
*/5 * * * * root /usr/local/auto/restart-phpfpm.sh >/dev/null 2>&1
Script will run every 5 minutes to check the load of the VPS.
You can replace the location of the script just ensure it is executabele – chmod 777 /path/to/script
To check the crontab, type crontab -l
and you should see the cron job.