Running something like this:
ps -aux | grep -n httpd | awk '{print $3, $2}' | sort -n | tail -1 | awk '{print $2}'
then take the number and put it in here:
lsof -p putnumberhere | grep tmp
that'll show you the list of the activities of the highest CPU consuming apache process and then show if it has anything to do with your tmp directories (e.g. a hacking attempt).
