Question

Massive MySQL usage, error logs filled with XMLRCP POST requests, and a NGINX Wordpress Ubuntu Install that is slow and keeps on crashing

Hey guys,

Would love some help on this.

This is what happens when I run top–189.2% MEM usage.

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
16396 mysql 20 0 1054988 108984 7608 S **189.2 ** 5.3 243:33.36 mysqld
18429 www-data 20 0 387804 40440 24952 S 4.7 2.0 0:15.23 php5-fpm
18426 www-data 20 0 388488 49208 33540 S 2.7 2.4 0:15.32 php5-fpm
18785 root 20 0 711068 12496 2808 S 0.3 0.6 0:15.97 fail2ban-s+ 1 root 20 0 33512 2736 1472 S 0.0 0.1 0:01.84 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/0 5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:+ 6 root 20 0 0 0 0 S 0.0 0.0 0:00.04 kworker/u4+ 7 root 20 0 0 0 0 S 0.0 0.0 0:02.09 rcu_sched
8 root 20 0 0 0 0 R 0.0 0.0 0:01.33 rcuos/0
9 root 20 0 0 0 0 S 0.0 0.0 0:00.82 rcuos/1
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1
13 root rt 0 0 0 0 S 0.0 0.0 0:00.07 migration/0 14 root rt 0 0 0 0 S 0.0 0.0 0:00.13 watchdog/0

The last two entries of my error logs:

2016/06/28 21:06:58 [error] 18406#0: *6899 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55” 2016/06/28 21:06:59 [error] 18406#0: *6902 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55”

A constant stream as you can imagine–I’ve only had this up for half a day, so multiply all this by 6000 in one day.

Any insight on how to stop this would be helpful. I’ve installed Fail2Ban and disabled access in the Nginx conf file to xmlrpc.php…all to no avail.

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Try the answer to this previous question. For now, just rename your xmlrpc.php file until you get one of the better solutions to work.

Thanks!

Output for free:

         total       used       free     shared    buffers     cached

Mem: 2049956 1848836 201120 55280 79580 1489360 -/+ buffers/cache: 279896 1770060 Swap: 499996 336 499660

Output for mysqladmin

mysqladmin: connect to server at ‘localhost’ failed error: 'Access denied for user ‘root’@‘localhost’