LEMP Wordpress: php5-fpm.sock failed

January 10, 2016 5k views
Nginx MySQL PHP One-Click Install Apps WordPress LEMP Ubuntu


Lately my server has been going down more and more often. It started once a month, then twice, but now its constantly crashing. Im completely new to this, so im lost to where i should start looing for answers. But im pretty sure this has to do with memory. Though not because of traffic, but likely due to configuration.

So im just gonna paste the errors I get, and hope that some of you can help me figure this out.

The droplet is a 1gb, Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic, wordpress on LEMP.

Im running monit, which at this moment is constantly telling me that php5 is failing. A service mysql restart is fixing it for a couple of minutes before it fails again.

nginx error.log is repeating this:

2016/01/09 18:58:31 [error] 2507#0: *9 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client:, $.219, server:, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"


Jan  9 19:07:12 mydomain kernel: [ 1350.422250] perf samples too long (20030 > 20000), lowering kernel.perf_event_max_sample_rate to 6250
Jan  9 18:45:29 mydomain kernel: [   47.269310] random: nonblocking pool is initialized


[09-Jan-2016 18:50:45] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful

monit mails

  1. Connection failed Service nginx ... Resource temporarily unavailable
  2. Connection failed Service php5-fpm
  3. Execution failed Service php5-fpm ... failed to stop

I have setup a swap following this tutorial, but im really not sure how to see if it works/i did it the right way.

I really want to understand how to debug memory-issues, as im sure that is the problem. But i really dont know where to begin.

A nudge in the right direction is much appreciated.

3 Answers

I managed to fix the problem. By preventing access to xmlrpc.php in my nginx.conf ( ) and setting up fail2ban, everything is working as it should.

Ive set up fail2ban following the DO-tutorial ( ) with mail-notifications, and the first 12-hours or so I got about 20 ban-notifications. As soon as it started banning ip-adresses - 30 minutes after configuration - php5-fpm stopped failing.

Thank you @petercollins83 for pointing out the suspicious IP-adress and the xmlrpc.php-issue!

i got a lot of those ip's in my logs,, against xmlrpc.php. googling xmlrpc.php seems like its a wordpress security vulnerability, so youve got the dame dude trying to hack/crash your site.

  • Do you have any suggestions on how to proceed fixing this? Would something like fail2ban help in this situation?

    • i just renamed the xmlrpc.php file. It's mainly for external application access to wordpress (e.g. using jetpack... some other plugins/apps also, none of which I use) so I had no problems renaming it.

      there might be more elaborate solutions but didnt look into them myself.

Have another answer? Share your knowledge.