Linux server instantly generate a huge amount of session file full hard disk, what solution?

Linux running a WordPress site, but recently very abnormal

The specific form of expression is:
/tmp directory instantly generate a huge amount of session files (more than 11 million), CPU instant 400%, hard disk directly burst (90G), resulting in server downtime

The file is already too many to use LS and RM commands are not reflected

This has happened in both Nginx and apache2 two webserver, both in Ubuntu and in CentOS.

Because oneself is this kind of novice, many questions do not understand, looked a lot of information but can not solve

My own random speculation is related to WP super cache, but found to stop the plugin still has this problem

Really can't find the relevant information, so come to ask:
Is it a matter of whether the server was attacked by a person who generated a huge session file in a flash?
How can this problem be prevented in general?

PS. In the use of Nginx also occurred a problem, php-fpm process cpu100%, but the use of some of the information found to track the process has not been harvested.

What information should I look for to study the problem?

Please give more advice, thank you!

Reply content:

Linux running a WordPress site, but recently very abnormal

The specific form of expression is:
/tmp directory instantly generate a huge amount of session files (more than 11 million), CPU instant 400%, hard disk directly burst (90G), resulting in server downtime

The file is already too many to use LS and RM commands are not reflected

This has happened in both Nginx and apache2 two webserver, both in Ubuntu and in CentOS.

Because oneself is this kind of novice, many questions do not understand, looked a lot of information but can not solve

My own random speculation is related to WP super cache, but found to stop the plugin still has this problem

Really can't find the relevant information, so come to ask:
Is it a matter of whether the server was attacked by a person who generated a huge session file in a flash?
How can this problem be prevented in general?

PS. In the use of Nginx also occurred a problem, php-fpm process cpu100%, but the use of some of the information found to track the process has not been harvested.

What information should I look for to study the problem?

Please give more advice, thank you!

It is best to look at the traffic statistics, check whether there are so many people visit, 1100w feel abnormal
Program inside the place to write the session also to check, is not a logical problem caused by circular writing.

Store the session in the Memcached

Distributed session storage.

1. PHP program, try not to use the session, as far as possible to use cookies, performance is much better
2. Programmers writing this PHP program, must be small white undoubtedly, abuse session. But the cost of the session is very high.
3. Save the session to the/DEV/SHM directory-this configuration does not require a PHP program to be modified.

If the configuration of the server is difficult, I can provide remote assistance, a lot of communication. QQ 41096834

1. Split the session file into multiple directories to avoid file system IO problems caused by huge files in a single directory
php.ini See Http://php.net/manual/en/session.configuration.php#ini.session.save-path
Session.save_path=3;/tmp

2, set Scheduled tasks scheduled cleanup more than 1 days of the session file
Crontab
0 3 * * */usr/bin/find/tmp/session-type f-atime +1-delete

3. Place the session on Redis or memcached instead of the file system

4, simply do not use the session, instead of a cookie + cache, which requires specific programming implementation

Cleaning up a large number of existing files can be used
Find ...-delete
Or
Find ... | Xargs rm-f

Or @ The dance Lin said right, first check the logic of the problem of the program

