What to do if VPS is disabled due to excessive RAM usage?
I am running a VPS with CentOS 6.7 and VestaCP, hosting five websites with a total of 100 daily visitors. Recently, the memory consumption suddenly increased, first the main one reached 1 GB and then the swap usage climbed to 1.4 GB. As a result, my hosting server was disabled without any prior notification. The reason provided by the hosting provider was a possible DDoS attack, which I found unlikely as I did not receive any alerts from subordinates. The server remained idle for about five hours.

Is there any way to prevent such unexpected situations in the future? Are there any self-monitoring tools for Linux server systems or Vesta that can limit the growth of swap usage once it reaches a specified threshold?

Based on your history, it seems that the server (or its IP) was disabled due to DDoS rather than insufficient RAM. This is a common issue for hosting companies that lack proper network attack protection, as such overloads negatively affect the experience of other clients who share the same infrastructure.

To investigate what happened shortly before the server was disconnected, you can set up resource monitoring and observe the network traffic, including the number of packets and other metrics.

To mitigate the threat of further DDoS attacks, consider using a CDN service as a protective layer for your site. Alternatively, you could purchase a small DDoS-protected VPS to act as a frontend for your service, or invest in a larger VPS to host the entire service.

Consider the following steps in case of a DDoS attack:

First, consider switching to a hoster with DDoS protection. Budget options, such as ruweb.net, have basic protection included in their payment plans. Additional DDoS protection can be purchased inexpensively, but the basic protection may suffice for many cases.

Next, analyze the logs to determine if the attack was concentrated on a single site. If so, consider scattering your sites across multiple small VDS systems. In the worst-case scenario, you will lose only one site.

Memory consumption is also an important factor to consider. If your application architecture allows for it, you can programmatically configure it to prevent excessive memory usage. However, your server may still become unresponsive during an attack. In this case, it's important to make sure you retain control of the process.

To maintain control, consider using external tools such as Yandex Metrica for monitoring, or Zabbix for internal server control.

Finally, implementing an IP filter on DNS can further protect against DDoS attacks. Services such as zilore can provide this protection, although a second server may be necessary for added guarantees against accidents in data centers or communication channels.

Leave that hosting immediately. If you're using resources allocated to you, it's not your concern if the hoster sells them.

Now, switch to KVM-based virtualization.

If you suspect a DDoS attack and your hosting provider doesn't seem to be doing anything about it, try using Cloudflare as a mitigation solution.

To begin with, consider implementing self-monitoring tools for your Linux server system. Tools like Monit, Nagios, or Zabbix can help you keep an eye on system resources, including memory usage, and alert you when thresholds are reached. These tools can be configured to send notifications via email, SMS, or other communication channels, allowing you to take immediate action when unusual resource consumption is detected.

In addition to general system monitoring, it's a good practice to set up specific resource limits for your VPS. For instance, you can use cgroups to control and limit memory and CPU usage for individual processes or groups of processes on your CentOS server. This can help prevent a single process from consuming all available memory and causing the server to enter a disabled state.

Furthermore, if you're using VestaCP to manage your server, you might want to explore any built-in monitoring and resource management features it offers. Some control panels provide tools to set resource usage limits for accounts or domains, which can be beneficial in preventing excessive resource consumption by specific websites.

Another aspect to consider is optimizing the performance of your websites and server applications. This can involve fine-tuning web server configurations, caching frequently accessed content, and identifying any inefficient code or resource-intensive scripts that may contribute to high memory usage. By optimizing the performance of your websites, you can reduce the overall resource demands on your VPS.
It's crucial to stay informed about the latest security threats and vulnerabilities in the web hosting environment. While the hosting provider suggested a possible DDoS attack as the reason for the spike in memory usage, it's important to keep your server and applications updated with the latest security patches and configurations to mitigate potential risks.

To limit the growth of swap usage in VestaCP, you can configure the vm.swappiness setting to a lower value, such as 10. This will instruct the kernel to prioritize disk space over swap space when allocating memory.

Additionally, you can set up a cron job to run the sysctl command to adjust the vm.swappiness setting dynamically. For example, you can add the following line to your crontab: */5 * * * * sysctl -w vm.swappiness=10. This will adjust the vm.swappiness setting every 5 minutes to ensure that swap usage remains under control.