Hey guys,

Would love some help on this.

This is what happens when I run top–189.2% MEM usage.

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

16396 mysql 20 0 1054988 108984 7608 S *189.2 * 5.3 243:33.36 mysqld

18429 www-data 20 0 387804 40440 24952 S 4.7 2.0 0:15.23 php5-fpm

18426 www-data 20 0 388488 49208 33540 S 2.7 2.4 0:15.32 php5-fpm

18785 root 20 0 711068 12496 2808 S 0.3 0.6 0:15.97 fail2ban-s+
1 root 20 0 33512 2736 1472 S 0.0 0.1 0:01.84 init

2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd

3 root 20 0 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:+
6 root 20 0 0 0 0 S 0.0 0.0 0:00.04 kworker/u4+
7 root 20 0 0 0 0 S 0.0 0.0 0:02.09 rcusched

8 root 20 0 0 0 0 R 0.0 0.0 0:01.33 rcuos/0

9 root 20 0 0 0 0 S 0.0 0.0 0:00.82 rcuos/1

10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcubh

11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0

12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1

13 root rt 0 0 0 0 S 0.0 0.0 0:00.07 migration/0
14 root rt 0 0 0 0 S 0.0 0.0 0:00.13 watchdog/0

The last two entries of my error logs:

2016/06/28 21:06:58 [error] 18406#0: *6899 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55”
2016/06/28 21:06:59 [error] 18406#0: *6902 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 194.1.238.79, server: code-love.com, request: “POST /xmlrpc.php HTTP/1.0”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “45.55.201.55”

A constant stream as you can imagine–I’ve only had this up for half a day, so multiply all this by 6000 in one day.

Any insight on how to stop this would be helpful. I’ve installed Fail2Ban and disabled access in the Nginx conf file to xmlrpc.php…all to no avail.