Question
Massive MySQL usage, error logs filled with XMLRCP POST requests, and a NGINX Wordpress Ubuntu Install that is slow and keeps on crashing
- Posted on June 29, 2016
- Nginx
Asked by rogerhuang
Hey guys,
Would love some help on this.
This is what happens when I run top–189.2% MEM usage.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
16396 mysql 20 0 1054988 108984 7608 S **189.2 ** 5.3 243:33.36 mysqld
18429 www-data 20 0 387804 40440 24952 S 4.7 2.0 0:15.23 php5-fpm
18426 www-data 20 0 388488 49208 33540 S 2.7 2.4 0:15.32 php5-fpm
18785 root 20 0 711068 12496 2808 S 0.3 0.6 0:15.97 fail2ban-s+
1 root 20 0 33512 2736 1472 S 0.0 0.1 0:01.84 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:+
6 root 20 0 0 0 0 S 0.0 0.0 0:00.04 kworker/u4+
7 root 20 0 0 0 0 S 0.0 0.0 0:02.09 rcu_sched
8 root 20 0 0 0 0 R 0.0 0.0 0:01.33 rcuos/0
9 root 20 0 0 0 0 S 0.0 0.0 0:00.82 rcuos/1
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1
13 root rt 0 0 0 0 S 0.0 0.0 0:00.07 migration/0
14 root rt 0 0 0 0 S 0.0 0.0 0:00.13 watchdog/0
The last two entries of my error logs:
2016/06/28 21:06:58 [error] 18406#0: *6899 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55” 2016/06/28 21:06:59 [error] 18406#0: *6902 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55”
A constant stream as you can imagine–I’ve only had this up for half a day, so multiply all this by 6000 in one day.
Any insight on how to stop this would be helpful. I’ve installed Fail2Ban and disabled access in the Nginx conf file to xmlrpc.php…all to no avail.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Try the answer to this previous question. For now, just rename your xmlrpc.php file until you get one of the better solutions to work.
Thanks!
Output for free:
Mem: 2049956 1848836 201120 55280 79580 1489360 -/+ buffers/cache: 279896 1770060 Swap: 499996 336 499660
Output for mysqladmin
mysqladmin: connect to server at ‘localhost’ failed error: 'Access denied for user ‘root’@‘localhost’