Massive MySQL usage, error logs filled with XMLRCP POST requests, and a NGINX Wordpress Ubuntu Install that is slow and keeps on crashing

June 29, 2016 517 views
Nginx

Hey guys,

Would love some help on this.

This is what happens when I run top--189.2% MEM usage.

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

16396 mysql 20 0 1054988 108984 7608 S *189.2 * 5.3 243:33.36 mysqld

18429 www-data 20 0 387804 40440 24952 S 4.7 2.0 0:15.23 php5-fpm

18426 www-data 20 0 388488 49208 33540 S 2.7 2.4 0:15.32 php5-fpm

18785 root 20 0 711068 12496 2808 S 0.3 0.6 0:15.97 fail2ban-s+
1 root 20 0 33512 2736 1472 S 0.0 0.1 0:01.84 init

2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd

3 root 20 0 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:+
6 root 20 0 0 0 0 S 0.0 0.0 0:00.04 kworker/u4+
7 root 20 0 0 0 0 S 0.0 0.0 0:02.09 rcusched

8 root 20 0 0 0 0 R 0.0 0.0 0:01.33 rcuos/0

9 root 20 0 0 0 0 S 0.0 0.0 0:00.82 rcuos/1

10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu
bh

11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0

12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1

13 root rt 0 0 0 0 S 0.0 0.0 0:00.07 migration/0
14 root rt 0 0 0 0 S 0.0 0.0 0:00.13 watchdog/0

The last two entries of my error logs:

2016/06/28 21:06:58 [error] 18406#0: *6899 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "45.55.201.55"
2016/06/28 21:06:59 [error] 18406#0: *6902 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "45.55.201.55"

A constant stream as you can imagine--I've only had this up for half a day, so multiply all this by 6000 in one day.

Any insight on how to stop this would be helpful. I've installed Fail2Ban and disabled access in the Nginx conf file to xmlrpc.php...all to no avail.

4 comments
  • From the linux prompt, run the following commands and reply with the output:

    free
    mysqladmin process status
    
  • Thanks!

    Output for free:

         total       used       free     shared    buffers     cached
    

    Mem: 2049956 1848836 201120 55280 79580 1489360
    -/+ buffers/cache: 279896 1770060
    Swap: 499996 336 499660

    Output for mysqladmin

    mysqladmin: connect to server at 'localhost' failed
    error: 'Access denied for user 'root'@'localhost'

  • @rogerhuang - You'll need the alternative command for mysqladmin:

    mysqladm process status -u root -p
    

    You will then need to provide the mysql root password at the prompt.

  • +------+------+-----------+----+---------+------+-------+------------------+
    | Id | User | Host | db | Command | Time | State | Info |
    +------+------+-----------+----+---------+------+-------+------------------+
    | 2308 | root | localhost | | Query | 0 | | show processlist |
    +------+------+-----------+----+---------+------+-------+------------------+
    Uptime: 12003 Threads: 1 Questions: 103294 Slow queries: 3831 Opens: 219 Flush tables: 1 Open tables: 174 Queries per second avg: 8.605

2 Answers

Try the answer to this previous question. For now, just rename your xmlrpc.php file until you get one of the better solutions to work.

  • I found out what the cause was: a plugin called Cleanup Booster that was messing up the MySQL. Thanks for pointing me in the right direction!

Thanks!

Output for free:

         total       used       free     shared    buffers     cached

Mem: 2049956 1848836 201120 55280 79580 1489360
-/+ buffers/cache: 279896 1770060
Swap: 499996 336 499660

Output for mysqladmin

mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost'

Have another answer? Share your knowledge.