Question
Massive MySQL usage, error logs filled with XMLRCP POST requests, and a NGINX Wordpress Ubuntu Install that is slow and keeps on crashing
Hey guys,
Would love some help on this.
This is what happens when I run top–189.2% MEM usage.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
16396 mysql 20 0 1054988 108984 7608 S *189.2 * 5.3 243:33.36 mysqld
18429 www-data 20 0 387804 40440 24952 S 4.7 2.0 0:15.23 php5-fpm
18426 www-data 20 0 388488 49208 33540 S 2.7 2.4 0:15.32 php5-fpm
18785 root 20 0 711068 12496 2808 S 0.3 0.6 0:15.97 fail2ban-s+
1 root 20 0 33512 2736 1472 S 0.0 0.1 0:01.84 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:+
6 root 20 0 0 0 0 S 0.0 0.0 0:00.04 kworker/u4+
7 root 20 0 0 0 0 S 0.0 0.0 0:02.09 rcusched
8 root 20 0 0 0 0 R 0.0 0.0 0:01.33 rcuos/0
9 root 20 0 0 0 0 S 0.0 0.0 0:00.82 rcuos/1
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcubh
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1
13 root rt 0 0 0 0 S 0.0 0.0 0:00.07 migration/0
14 root rt 0 0 0 0 S 0.0 0.0 0:00.13 watchdog/0
The last two entries of my error logs:
2016/06/28 21:06:58 [error] 18406#0: *6899 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55”
2016/06/28 21:06:59 [error] 18406#0: *6902 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55”
A constant stream as you can imagine–I’ve only had this up for half a day, so multiply all this by 6000 in one day.
Any insight on how to stop this would be helpful. I’ve installed Fail2Ban and disabled access in the Nginx conf file to xmlrpc.php…all to no avail.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
From the linux prompt, run the following commands and reply with the output:
Thanks!
Output for free:
Mem: 2049956 1848836 201120 55280 79580 1489360
-/+ buffers/cache: 279896 1770060
Swap: 499996 336 499660
Output for mysqladmin
mysqladmin: connect to server at ‘localhost’ failed
error: 'Access denied for user 'root’@'localhost’
@rogerhuang - You’ll need the alternative command for mysqladmin:
You will then need to provide the mysql root password at the prompt.
+——+——+———–+—-+———+——+——-+——————+
| Id | User | Host | db | Command | Time | State | Info |
+——+——+———–+—-+———+——+——-+——————+
| 2308 | root | localhost | | Query | 0 | | show processlist |
+——+——+———–+—-+———+——+——-+——————+
Uptime: 12003 Threads: 1 Questions: 103294 Slow queries: 3831 Opens: 219 Flush tables: 1 Open tables: 174 Queries per second avg: 8.605