If it is mysql, php, nginx, it is recommended to check the website log to see if it has been attacked, or if mysql, php have a large number of slow logs, if any, contact the programmer to deal with it for you;
If you can’t analyze website logs, the software store has [Website statistics], which can be used to visually check the logs to see which website requests and accesses are currently abnormal. If a large number of requests come in within 1 second or a few seconds, there is a high probability of being hit. Yes, you can install our [nginx wef] plugin to block attacks
Open the nginx firewall, check whether there is an attack record, try to adjust the cc defense rule of the nginx firewall to enhanced mode, and see if the cpu has dropped.