Exceeding Notification Threshold

I received 3 email alerts yesterday, at 2pm, 4pm, and 6pm, notifying me:

Your Linode, has exceeded the notification threshold (1000) for disk io rate by averaging 3108.54 for the last 2 hours

I think this indicates I need to increase my swap disk space, correct?

If so, is there a way to figure an optimum size for swap disk?

But I guess most importantly, is it likely these alerts could indicate an attempted brute force attack?

4 Replies


I think this indicates I need to increase my swap disk space, correct?
Wrong – that's pretty much what you want not to do. You need to configure your software to run within the physical memory you have available. Swap is slow (more so in a shared environment, where disk I/O contention is the main bottleneck) and should only be used for the kernel to page out things that are very rarely executed. Using swap for software that is executed frequently will render your Linode unresponsive (possibly to the point where you can't even SSH in).

Also 3100 is fine if you're running something disk intensive such as a relational database, what's on the Linode?

The notification threshold can be adjusted in the Dashboard. The whole point of the notification is to alert you when something unusual happens, such as a DoS attack or OOM events. If you usually do 3100 I/O during the afternoon rush hour, your threshold should be higher.

Your I/O may or may not have anything to do with an attempted attack. It's impossible to tell because I/O spikes can be caused by anything from somebody hotlinking an image on your site to reddit (annoying but benign) to a full-scale hostile takeover of your server (catastrophe).

Thank you all for the feedback.

@obs: I'm running a career board built from a Wordpress core, if that's what you meant when asking what is on my linode?

@hybinet: Interesting you should mention OOM events. The first time I received an email like this I contacted support, and they informed me it was due to my server OOMing.

@pclissold: thank you for the information on what thrash is and the need to configure my software to use physical memory instead. Is this done inside my Apache, PHP, MySQL .ini files, or can it be done though my Linode dashboard?


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct