Related

Product Now Available: Managed MySQL Databases Product
MySQL Not Starting Up - Got Freezed while Upgrading to MySQL 5.6 Question Question
Having a LAMP Stack issue Ubuntu 14.04 - Magento (not one click install) Question Question

Question

Why CPU load average spikes every 1-1.5 hour?

Posted June 30, 2020 2.9k views
MySQLApache

Hi guys,

Any idea why CPU load average spikes every 1-1.5 hour?

Here are some MySQL error logs for 1.5 hours (one cycle) as well as syslog for
1.5 hours (one cycle).

Thanks a lot!

BR,
Tom

Logs: https://pastebin.com/UeRSVBmi

Add a comment
Azinity
By:
Azinity
edited by MattIPv4

Related

Product Now Available: Managed MySQL Databases Product
MySQL Not Starting Up - Got Freezed while Upgrading to MySQL 5.6 Question Question
Having a LAMP Stack issue Ubuntu 14.04 - Magento (not one click install) Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
19 answers
andmoo June 30, 2020

Hey @Azinity

your mysql instance is being killed regularly by Linux’s OOM (out of memory) killer. You should review the load consumed by the resources running on the server. Based on experience it’s usually down to a greedy query that causes a resource contention and makes Linux sacrifice the most expensive process.

At a high level, here’s my recommendations;

  1. Tune applications to be more conservative with resources. e.g. limit the amount of connections your web server can serve at once.
  2. a. Turn on MySQL slow log and configure it to capture any query that takes longer than 0.5 seconds.
  3. b. Analyse the slow query log using pt-query-digest
  4. c. Tune the queries using indexing or rewrites to reduce the amount of resources the SQL queries need to use.

You might get some joy through upgrading the droplet to something larger but that may only buy you time.

BR

Andrew

Reply Report
Azinity July 1, 2020

hi andrew, thanks for your reply.

however, if you look at the syslog below, it is because there were a bunch of apache child processes running which crashed mysql. these apache child processes killed the process! they run every 1-1.5 hours! we dont have any cron jobs.

besides, if you look at the performance graph, even when the cpu load average (1 min) peaks at 20.71, the cpu hit 46.47% only and the memory hit 53%. the highest cpu and memory have never exceeded 57.5% and 88% respectively.

i found many related threads on google but they dont seem make any sense in my case including using swap, limiting apache child processes, etc. for instance, limiting apache child processes is just fire fighting. we got to find out the crux of the problem which is why there are so many apache child processes running in the first place which only cropped up about 10 days ago.

any idea will be very much appreciated!!

br, tom

Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073730] [ pid ]   uid  tgid total_vm      rss nr_ptes nr_pmds swapents oom_score_adj name
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073735] [  632]     0   632     9562     1118      21       3        0             0 systemd-journal
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073738] [  673]     0   673    23693      133      17       3        0             0 lvmetad
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073741] [  709]     0   709    10628      280      24       3        0         -1000 systemd-udevd
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073744] [  947]   100   947    25080      219      19       3        0             0 systemd-timesyn
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073747] [ 1402]     0  1402   151027      393      27       4        0             0 lxcfs
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073750] [ 1403]     0  1403     1304       29       8       3        0             0 iscsid
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073752] [ 1405]     0  1405     1429      882       9       3        0           -17 iscsid
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073755] [ 1407]     0  1407     1098      286       8       3        0             0 acpid
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073758] [ 1419]     0  1419     6932      487      19       3        0             0 cron
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073760] [ 1423]   107  1423    10722      189      24       3        0          -900 dbus-daemon
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073763] [ 1440]   999  1440    77407     1472      28       4        0          -900 do-agent
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073766] [ 1443]     0  1443     6511      282      19       3        0             0 atd
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073768] [ 1451]   104  1451    64097      347      27       4        0             0 rsyslogd
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073771] [ 1460]     0  1460    68617      194      36       4        0             0 accounts-daemon
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073773] [ 1467]     0  1467     7136      423      18       3        0             0 systemd-logind
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073776] [ 1494]     0  1494    43335     2432      52       3        0             0 unattended-upgr
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073779] [ 1527]     0  1527     3342       53      11       3        0             0 mdadm
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073781] [ 1567]   114  1567    55396      361      61       4        0             0 opendkim
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073784] [ 1569]     0  1569    16378      623      36       3        0         -1000 sshd
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073786] [ 1579]     0  1579    69272      173      39       3        0             0 polkitd
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073789] [ 1583]     0  1583     3617      389      12       3        0             0 agetty
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073792] [ 1588]     0  1588     3663      351      12       3        0             0 agetty
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073794] [ 1601]     0  1601     4868      285      15       3        0             0 irqbalance
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073797] [ 1663]     0  1663   130429     3242      52       4        0             0 fail2ban-server
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073800] [ 1683]     0  1683   145413     3344     192       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073802] [ 1686]    33  1686     4922      294      13       3        0             0 htcacheclean
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073805] [ 1876]     0  1876    16351      549      24       3        0             0 master
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073808] [ 1879]   113  1879    16909      335      25       3        0             0 qmgr
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073810] [28804]   113 28804    16868      142      25       3        0             0 pickup
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073813] [30595]    33 30595   169752    37440     264       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073816] [30879]    33 30879   171092    36501     262       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073819] [30882]    33 30882   172410    27578     242       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073821] [30908]    33 30908   167525    24627     234       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073824] [31053]    33 31053   173553    28367     244       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073826] [31054]    33 31054   186883    43994     277       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073829] [31071]    33 31071   148886    10406     195       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073832] [31072]    33 31072   173932    14434     213       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073834] [31073]    33 31073   178268    32591     254       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073837] [31081]   113 31081    16870      522      24       3        0             0 trivial-rewrite
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073840] [31082]   113 31082    20741      543      31       3        0             0 smtp
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073842] [31083]   113 31083    16876      527      24       3        0             0 bounce
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073845] [31090]    33 31090   150307     9638     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073847] [31091]    33 31091   149797     9352     190       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073850] [31092]    33 31092   150819    10373     192       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073852] [31093]    33 31093   150821    10370     192       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073855] [31094]    33 31094   150819    10463     192       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073858] [31095]    33 31095   148259     7950     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073860] [31096]    33 31096   150821    10372     192       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073863] [31097]    33 31097   148259     7756     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073866] [31098]    33 31098   147237     6608     185       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073868] [31099]    33 31099   147239     6883     185       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073871] [31100]    33 31100   148259     7254     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073873] [31101]    33 31101   148259     7295     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073876] [31102]    33 31102   148261     7805     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073878] [31103]    33 31103   148259     7968     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073881] [31104]    33 31104   148259     7660     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073884] [31109]    33 31109   150783    10381     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073886] [31110]    33 31110   150783    10379     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073889] [31111]    33 31111   150783    10381     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073891] [31112]    33 31112   150751    10003     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073894] [31113]    33 31113   167045     9813     192       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073896] [31114]    33 31114   150751    10114     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073899] [31115]    33 31115   150751     9875     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073901] [31116]    33 31116   150783    10379     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073904] [31117]    33 31117   150751     9971     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073907] [31118]    33 31118   150751     9917     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073909] [31119]    33 31119   150783    10292     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073912] [31120]    33 31120   150783    10038     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073914] [31121]    33 31121   150783    10093     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073917] [31122]    33 31122   150783    10380     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073919] [31124]    33 31124   150767    10371     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073922] [31125]    33 31125   150751     9760     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073924] [31147]    33 31147   149621     8948     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073927] [31148]    33 31148   150223     9376     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073929] [31149]    33 31149   150133     9282     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073932] [31150]    33 31150   150133     9338     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073935] [31151]    33 31151   150223     9512     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073937] [31152]    33 31152   150223     9425     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073940] [31153]    33 31153   150223     9205     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073942] [31155]    33 31155   150223     9558     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073945] [31156]    33 31156   150223     9393     189       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073947] [31157]    33 31157   166517     9355     190       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073950] [31158]    33 31158   149621     9153     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073952] [31159]    33 31159   149621     8975     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073955] [31160]    33 31160   148291     9518     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073957] [31161]    33 31161   149621     9071     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073960] [31162]    33 31162   149621     9200     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073962] [31163]    33 31163   149621     9000     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073965] [31164]    33 31164   149109     8665     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073968] [31165]    33 31165   149621     8770     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073970] [31166]    33 31166   149621     9091     188       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073973] [31168]    33 31168   149109     8587     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073975] [31169]    33 31169   149109     8801     187       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073978] [31170]    33 31170   148597     7803     186       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073980] [31171]    33 31171   150751     9971     191       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073983] [31172]    33 31172   148085     7631     185       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073985] [31173]    33 31173   148085     7578     185       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073988] [31175]    33 31175   146549     5778     182       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073991] [31176]    33 31176   146549     5762     182       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073993] [31179]    33 31179   146045     5558     182       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073996] [31180]    33 31180   145534     5077     184       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.073998] [31185]    33 31185   145531     5241     181       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074001] [31186]    33 31186   146045     5506     182       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074003] [31196]    33 31196   146043     5572     182       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074006] [31208]    33 31208   145531     5219     181       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074008] [31220]   112 31220   395087    40635     165       5        0             0 mysqld
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074011] [31221]     0 31221     2815      252      10       3        0             0 mysql-systemd-s
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074013] [31241]    33 31241   145531     5140     181       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074016] [31245]    33 31245   146037     5499     180       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074018] [31246]    33 31246   146037     5499     180       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074033] [31247]    33 31247   146037     5435     180       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074036] [31248]    33 31248   146037     5407     180       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074039] [31278]    33 31278   145431     4176     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074041] [31279]    33 31279   145431     4443     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074044] [31280]    33 31280   145431     4675     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074046] [31281]    33 31281   145431     4204     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074049] [31282]    33 31282   145431     4151     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074052] [31283]    33 31283   145431     4213     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074054] [31287]    33 31287   145431     3013     179       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074057] [31288]    33 31288   145425     2267     173       4        0             0 apache2
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074060] [31300]     0 31300     2815       56       9       3        0             0 mysql-systemd-s
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.074062] Out of memory: Kill process 31054 (apache2) score 86 or sacrifice child
Jun 29 07:18:57 AzinityServerCPU2 kernel: [84710.077372] Killed process 31054 (apache2) total-vm:747532kB, anon-rss:98532kB, file-rss:77444kB
Jun 29 07:18:57 AzinityServerCPU2 systemd[1]: Started MySQL Community Server.
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730313] apache2 invoked oom-killer: gfp_mask=0x24201ca, order=0, oom_score_adj=0
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730322] apache2 cpuset=/ mems_allowed=0
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730337] CPU: 0 PID: 31185 Comm: apache2 Not tainted 4.4.0-184-generic #214-Ubuntu
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730341] Hardware name: DigitalOcean Droplet, BIOS 20171212 12/12/2017
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730346]  0000000000000286 8fda52642e50af38 ffff8800430079c8 ffffffff8140dc9b
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730354]  ffff880043007b80 ffff88007b68e3c0 ffff880043007a38 ffffffff8121a9ee
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730362]  ffff8800430079e8 ffff880043007a10 ffffffff814f127a 00000000ffffffff
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730369] Call Trace:
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730385]  [<ffffffff8140dc9b>] dump_stack+0x6d/0x92
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730395]  [<ffffffff8121a9ee>] dump_header+0x5a/0x1c3
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730404]  [<ffffffff814f127a>] ? virtballoon_oom_notify+0x2a/0x80
Jun 29 07:18:59 AzinityServerCPU2 kernel: [84712.730413]  [<ffffffff8119e85b>] oom_kill_process+0x20b/0x3d0
edited by bobbyiliev
Reply Report
Azinity July 1, 2020

hi andrew, here is the htop log when the sites were momentarily down. why were so many apache child processes running? how can i find out which site is causing the problem? currently, we have 31 sites sitting on this droplet. any hint will be very much appreciated!! br, tom


  1  [|||||                                                           5.3%]   Tasks: 134, 38 thr; 2 running
  2  [||||||                                                          7.2%]   Load average: 17.94 4.91 1.84
  Mem[|||||||||||||||||||||||||||||||||                         803M/1.95G]   Uptime: 3 days, 03:34:07
  Swp[                                                               0K/0K]

  PID USER      PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
25237 www-data   20   0  570M 30992 18184 S  3.3  1.5  0:00.23 apache2 -k start
25240 www-data   20   0  570M 30936 18132 S  2.6  1.5  0:00.38 apache2 -k start
25075 www-data   20   0  570M 28696 16512 S  2.0  1.4  0:00.42 apache2 -k start
25349 root       20   0 25116  4188  3176 R  1.3  0.2  0:00.12 htop
25243 www-data   20   0     0     0     0 Z  1.3  0.0  0:00.28 apache2 -k start
25097 www-data   20   0  570M 28368 16524 S  1.3  1.4  0:00.36 apache2 -k start
25131 www-data   20   0  570M 31820 18888 S  0.0  1.6  0:00.35 apache2 -k start
25063 www-data   20   0  571M 31136 18840 S  0.0  1.5  0:00.52 apache2 -k start
25099 www-data   20   0  570M 31608 18672 S  0.0  1.5  0:00.38 apache2 -k start
25015 www-data   20   0  683M  123M 73632 S  0.0  6.2  0:05.69 apache2 -k start
25157 www-data   20   0  570M 28436 16592 S  0.0  1.4  0:00.34 apache2 -k start
25101 www-data   20   0  571M 32628 18404 S  0.0  1.6  0:00.44 apache2 -k start
25077 www-data   20   0  570M 29444 15824 S  0.0  1.4  0:00.47 apache2 -k start
25096 www-data   20   0  570M 28328 16484 S  0.0  1.4  0:00.38 apache2 -k start
25044 www-data   20   0  573M 32812 16340 S  0.0  1.6  0:02.09 apache2 -k start
25141 www-data   20   0  570M 28396 16552 S  0.0  1.4  0:00.34 apache2 -k start
25196 www-data   20   0  570M 27376 15692 S  0.0  1.3  0:00.35 apache2 -k start
25066 www-data   20   0  571M 28764 16500 S  0.0  1.4  0:00.49 apache2 -k start
25140 www-data   20   0  570M 28412 16572 S  0.0  1.4  0:00.34 apache2 -k start
25187 www-data   20   0  570M 27464 15744 S  0.0  1.3  0:00.23 apache2 -k start
25328 www-data   20   0  570M 28220 16536 S  0.0  1.4  0:00.25 apache2 -k start
25333 www-data   20   0  570M 28224 16544 S  0.0  1.4  0:00.17 apache2 -k start
25242 www-data   20   0  570M 27944 16248 S  0.0  1.4  0:00.32 apache2 -k start
25069 www-data   20   0  570M 28552 16388 S  0.0  1.4  0:00.37 apache2 -k start
25186 www-data   20   0  570M 27440 15760 S  0.0  1.3  0:00.31 apache2 -k start
25214 www-data   20   0  570M 27508 15824 S  0.0  1.3  0:00.24 apache2 -k start
25164 www-data   20   0  570M 27552 15804 S  0.0  1.3  0:00.32 apache2 -k start
  709 root       20   0 42512   804     0 S  0.0  0.0  0:00.43 systemd-udevd
 1663 root       20   0  509M 13100     0 S  0.0  0.6  2:20.50 python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2
25331 www-data   20   0  570M 31468 18712 S  0.0  1.5  0:00.24 apache2 -k start
25103 www-data   20   0  570M 28360 16516 S  0.0  1.4  0:00.34 apache2 -k start
25091 www-data   20   0  570M 28248 16408 S  0.0  1.4  0:00.38 apache2 -k start
25185 www-data   20   0  570M 30904 17876 S  0.0  1.5  0:00.27 apache2 -k start
25121 www-data   20   0  570M 29188 15800 S  0.0  1.4  0:00.25 apache2 -k start
25057 www-data   20   0  572M 30876 15804 S  0.0  1.5  0:00.69 apache2 -k start
25142 www-data   20   0  570M 28436 16592 S  0.0  1.4  0:00.34 apache2 -k start
25128 www-data   20   0  570M 28416 16576 S  0.0  1.4  0:00.35 apache2 -k start
edited by bobbyiliev
Reply Report
  • bobbyiliev July 1, 2020

    Hi there @Azinity,

    What I could suggest in this case is to check your Apache access lots in order to see what requests were being sent during that CPU spike.

    To check your access logs you could run this command here:

    • tail -f /var/log/apache2/access.logs

    Or you could use the grep command to search for a specific time:

    grep "the_time_when_the_cpu_skipe_occured" /var/log/apache2/access.logs

    Also another thing you could do is to use this script here which will summarize your Apache access log and show you the following information

    • The 20 top pages with the most POST requests

    • The 20 top pages with the most GET requests

    • Top 20 IP addresses and their geo-location

    Hope that this helps!
    Regards,
    Bobby

    Reply Report
Azinity July 1, 2020

hi bobby,

thank you so much for your suggestions!

here are two sessions of access.log when the cpu load averages spiked. i dont see anything malicious or anomalous. maybe restricting certain IPs? any idea will be highly appreciated.

84.202.100.14 - - [01/Jul/2020:09:21:40 +0000] “GET /wp-json/wp/v2/categories?perpage=100&orderby=name&order=asc&fields=id%2Cname%2Cparent&locale=user HTTP/1.1” 200 1910 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:21:41 +0000] “GET /wp-json/wp/v2/categories?perpage=100&orderby=count&order=desc&fields=id%2Cname&locale=user HTTP/1.1” 200 1192 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
20.42.108.88 - - [01/Jul/2020:09:21:41 +0000] “GET /wp-content/plugins/ppus/up.php HTTP/1.1” 404 87361 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:21:42 +0000] “GET /098.php HTTP/1.1” 301 576 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:21:43 +0000] “GET /098.php HTTP/1.1” 301 3830 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:21:45 +0000] “GET /098.php HTTP/1.1” 404 87361 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:21:46 +0000] “GET /V5.php HTTP/1.1” 301 574 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:21:47 +0000] “GET /V5.php HTTP/1.1” 301 3829 “-” “python-requests/2.24.0”
84.202.100.14 - - [01/Jul/2020:09:21:47 +0000] “POST /wp-json/wp/v2/posts/4375?locale=user HTTP/1.1” 200 37835 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
185.187.30.14 - - [01/Jul/2020:09:21:48 +0000] “GET / HTTP/1.1” 301 580 “-” “Mozilla/5.0 (Linux; U; Android 4.1.2; ja-jp; SC-06D Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30”
185.187.30.14 - - [01/Jul/2020:09:21:48 +0000] “GET / HTTP/1.1” 301 580 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36”
185.187.30.13 - - [01/Jul/2020:09:21:48 +0000] “GET / HTTP/1.1” 301 580 “-” “Mozilla/5.0 (Linux; U; Android 4.1.2; ja-jp; SC-06D Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30”
20.42.108.88 - - [01/Jul/2020:09:21:48 +0000] “GET /V5.php HTTP/1.1” 404 87361 “-” “python-requests/2.24.0”
84.202.100.14 - - [01/Jul/2020:09:21:48 +0000] “POST /wp-admin/post.php?post=4375&action=edit&meta-box-loader=1&meta-box-loader-nonce=d09249632a&locale=user HTTP/1.1” 302 523 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
20.42.108.88 - - [01/Jul/2020:09:21:50 +0000] “GET /newlicense.php HTTP/1.1” 301 592 “-” “python-requests/2.24.0”
185.187.30.14 - - [01/Jul/2020:09:21:50 +0000] “GET / HTTP/1.1” 301 579 “-” “Mozilla/5.0 (Linux; U; Android 4.1.2; ja-jp; SC-06D Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30”
84.202.100.14 - - [01/Jul/2020:09:21:49 +0000] “GET /wp-admin/post.php?post=4375&action=edit&message=4 HTTP/1.1” 200 201719 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
115.124.35.231 - - [01/Jul/2020:09:21:51 +0000] “GET / HTTP/1.1” 301 580 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:76.0) Gecko/20100101 Firefox/76.0”
185.187.30.14 - - [01/Jul/2020:09:21:49 +0000] “GET / HTTP/1.1” 200 17343 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36”
185.187.30.13 - - [01/Jul/2020:09:21:49 +0000] “GET / HTTP/1.1” 200 17322 “-” “Mozilla/5.0 (Linux; U; Android 4.1.2; ja-jp; SC-06D Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30”
185.187.30.14 - - [01/Jul/2020:09:21:49 +0000] “GET / HTTP/1.1” 200 17312 “-” “Mozilla/5.0 (Linux; U; Android 4.1.2; ja-jp; SC-06D Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30”
139.59.96.33 - - [01/Jul/2020:09:21:51 +0000] “POST /wp-cron.php?doingwpcron=1593595311.0411748886108398437500 HTTP/1.1” 200 3320 “https://www.azinity.com/wp-cron.php?doingwpcron=1593595311.0411748886108398437500” “WordPress/5.4.2; https://www.azinity.com
84.202.100.14 - - [01/Jul/2020:09:21:50 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
20.42.108.88 - - [01/Jul/2020:09:21:51 +0000] “GET /newlicense.php HTTP/1.1” 301 3838 “-” “python-requests/2.24.0”
185.187.30.14 - - [01/Jul/2020:09:21:51 +0000] “GET / HTTP/1.1” 200 17285 “-” “Mozilla/5.0 (Linux; U; Android 4.1.2; ja-jp; SC-06D Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30”
20.42.108.88 - - [01/Jul/2020:09:21:52 +0000] “GET /newlicense.php HTTP/1.1” 404 87361 “-” “python-requests/2.24.0”
::1 - - [01/Jul/2020:09:21:53 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
20.42.108.88 - - [01/Jul/2020:09:21:53 +0000] “GET /wp-content/plugins/theme-configurator/mini.php HTTP/1.1” 301 654 “-” “python-requests/2.24.0”
54.36.148.218 - - [01/Jul/2020:09:21:53 +0000] “GET /products/KM%252d947-%E6%B1%BD%E8%BD%A6%E8%BE%85%E5%8A%A9%E9%95%9C%E5%AD%90%28%E4%BE%9B%E4%B8%A4%E5%90%A8%E8%BD%A6%29-%D0%A419%7B47%7D22%7B47%7D25%7B47%7D27MM–%E2%80%93-%E7%94%B5%E9%95%80%E9%93%AC.html HTTP/1.1” 301 711 “-” “Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
::1 - - [01/Jul/2020:09:21:54 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
20.42.108.88 - - [01/Jul/2020:09:21:54 +0000] “GET /wp-content/plugins/theme-configurator/mini.php HTTP/1.1” 301 3869 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:21:56 +0000] “GET /wp-content/plugins/theme-configurator/mini.php HTTP/1.1” 404 87361 “-” “python-requests/2.24.0”
::1 - - [01/Jul/2020:09:21:56 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
::1 - - [01/Jul/2020:09:21:57 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
::1 - - [01/Jul/2020:09:21:58 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
::1 - - [01/Jul/2020:09:21:59 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
::1 - - [01/Jul/2020:09:22:00 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
20.42.108.88 - - [01/Jul/2020:09:22:00 +0000] “GET /wp-content/plugins/widget-logic/mini.php HTTP/1.1” 301 642 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:22:03 +0000] “GET /wp-content/plugins/widget-logic/mini.php HTTP/1.1” 301 3863 “-” “python-requests/2.24.0”
20.42.108.88 - - [01/Jul/2020:09:22:04 +0000] “GET /wp-content/plugins/widget-logic/mini.php HTTP/1.1” 404 87361 “-” “python-requests/2.24.0”
218.102.220.232 - - [01/Jul/2020:09:22:04 +0000] “GET /zh-hant/ HTTP/1.1” 200 12294 “https://www.google.com/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:06 +0000] “GET /wp-includes/css/dist/block-library/style.min.css?ver=5.4.2 HTTP/1.1” 200 8045 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:06 +0000] “GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.9 HTTP/1.1” 200 4810 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:06 +0000] “GET /wp-content/plugins/cssigniter-shortcodes/src/style.css?ver=2.3.2 HTTP/1.1” 200 11324 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/socials-ignited/css/font-awesome.css?ver=4.7.0 HTTP/1.1” 200 7842 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/social-media-widget/socialwidget.css?ver=5.4.2 HTTP/1.1” 200 862 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/custom-facebook-feed-pro/css/cff-style.css?ver=3.13.1 HTTP/1.1” 200 15818 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/socials-ignited/css/style.css?ver=5.4.2 HTTP/1.1” 200 641 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.css?ver=1 HTTP/1.1” 200 1250 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/common/css/global.css?ver=2.5.5 HTTP/1.1” 200 939 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/css/base.css?ver=2.5.5 HTTP/1.1” 200 3721 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/wpml-translation-management/res/css/admin-bar-style.css?ver=2.9.8 HTTP/1.1” 200 4245 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/css/flexslider.css?ver=2.5.5 HTTP/1.1” 200 1869 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/css/mmenu.css?ver=2.5.5 HTTP/1.1” 200 4796 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/css/magnific.css?ver=2.5.5 HTTP/1.1” 200 2248 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/colors/teal.css?ver=2.5.5 HTTP/1.1” 200 1008 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/style.css?ver=2.5.5 HTTP/1.1” 200 14412 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1” 200 34283 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1” 200 4431 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/uploads/siteorigin-widgets/sow-features-default-dcaa1c8ba163.css?ver=5.4.2 HTTP/1.1” 200 1150 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/so-widgets-bundle/widgets/features/css/style.css?ver=1.17.0 HTTP/1.1” 200 756 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/siteorigin-panels/css/front-flex.min.css?ver=2.11.0 HTTP/1.1” 200 717 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/so-widgets-bundle/icons/fontawesome/style.css?ver=5.4.2 HTTP/1.1” 200 1778 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9 HTTP/1.1” 200 4456 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/cssigniter-shortcodes/src/js/scripts.js?ver=2.3.2 HTTP/1.1” 200 1422 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/cssigniter-shortcodes/src/js/jquery.flexslider.js?ver=2.2.2 HTTP/1.1” 200 11878 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/plugins/custom-facebook-feed-pro/js/cff-scripts.js?ver=3.13.1 HTTP/1.1” 200 64466 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-includes/js/comment-reply.min.js?ver=5.4.2 HTTP/1.1” 200 1531 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/js/jquery.mmenu.min.all.js?ver=2.5.5 HTTP/1.1” 200 7910 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/panel/scripts/jquery.fitvids.js?ver=2.5.5 HTTP/1.1” 200 1828 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/js/jquery.isotope.js?ver=2.5.5 HTTP/1.1” 200 10153 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:07 +0000] “GET /wp-content/themes/business3ree/js/jquery.magnific-popup.js?ver=2.5.5 HTTP/1.1” 200 14402 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/themes/business3ree/js/magnific-init.js?ver=2.5.5 HTTP/1.1” 200 777 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/themes/business3ree/js/scripts.js?ver=2.5.5 HTTP/1.1” 200 1623 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-includes/js/wp-embed.min.js?ver=5.4.2 HTTP/1.1” 200 1140 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/uploads/flags/hk%20flag.png HTTP/1.1” 200 688 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/uploads/2016/02/workbook-12050441920-1920x550.jpg HTTP/1.1” 200 148077 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/uploads/2016/08/mgi-logo.png HTTP/1.1” 200 23509 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png HTTP/1.1” 200 906 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-includes/js/wp-emoji-release.min.js?ver=5.4.2 HTTP/1.1” 200 5070 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/uploads/2017/05/imageedit14475962635.png HTTP/1.1” 200 90157 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/plugins/so-widgets-bundle/widgets/features/css/fonts/feature-background.woff HTTP/1.1” 200 2149 “https://www.kennethchaucpa.com/wp-content/plugins/so-widgets-bundle/widgets/features/css/style.css?ver=1.17.0” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/uploads/2017/04/kenneth-logo2.png HTTP/1.1” 200 84397 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
218.102.220.232 - - [01/Jul/2020:09:22:08 +0000] “GET /wp-content/uploads/2015/09/hong-kong-12233901920-1920x550.jpg HTTP/1.1” 200 112324 “https://www.kennethchaucpa.com/zh-hant/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:22:10 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1178 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:22:18 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:22:21 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 722 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
::1 - - [01/Jul/2020:09:22:29 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
104.131.186.50 - - [01/Jul/2020:09:22:31 +0000] “GET /wp-login.php HTTP/1.1” 200 2220 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
104.131.186.50 - - [01/Jul/2020:09:22:33 +0000] “POST /wp-login.php HTTP/1.1” 200 2621 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
104.131.186.50 - - [01/Jul/2020:09:22:34 +0000] “POST /xmlrpc.php HTTP/1.1” 403 463 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
102.114.197.199 - - [01/Jul/2020:09:22:38 +0000] “POST /xmlrpc.php HTTP/1.1” 403 3803 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)”
139.59.96.33 - - [01/Jul/2020:09:22:38 +0000] “POST /wp-cron.php?doingwpcron=1593595358.8872148990631103515625 HTTP/1.1” 200 3320 “https://www.azinity.com/wp-cron.php?doingwpcron=1593595358.8872148990631103515625” “WordPress/5.4.2; https://www.azinity.com
102.114.197.199 - - [01/Jul/2020:09:22:38 +0000] “POST /wp-login.php HTTP/1.1” 200 6579 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)”
84.202.100.14 - - [01/Jul/2020:09:22:52 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
35.196.38.103 - - [01/Jul/2020:09:22:55 +0000] “GET /category/news/ HTTP/1.0” 200 7122 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
210.213.127.95 - - [01/Jul/2020:09:22:58 +0000] “POST /xmlrpc.php HTTP/1.1” 403 3977 “-” “-”
66.249.79.144 - - [01/Jul/2020:09:23:05 +0000] “GET /zh-hant/%E8%81%AF%E7%B5%A1%E6%88%91%E5%80%91/ HTTP/1.1” 200 11375 “-” “Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.92 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET / HTTP/1.1” 200 6731 “-” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-includes/css/dist/block-library/style.min.css?ver=5.3.4 HTTP/1.1” 200 6469 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6 HTTP/1.1” 200 985 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/css/base.css?ver=2.0.2 HTTP/1.1” 200 3122 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/css/flexslider.css?ver=2.0.2 HTTP/1.1” 200 1740 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/common/css/global.css?ver=2.0.2 HTTP/1.1” 200 901 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/css/mmenu.css?ver=2.0.2 HTTP/1.1” 200 6439 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/assets/fontawesome/css/all.min.css?ver=2.0.2 HTTP/1.1” 200 12152 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/css/magnific.css?ver=2.0.2 HTTP/1.1” 200 2182 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/css/slick.css?ver=2.0.2 HTTP/1.1” 200 868 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1” 200 4365 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/style.css?ver=2.0.2 HTTP/1.1” 200 14850 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6 HTTP/1.1” 200 4344 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1” 200 34129 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/js/superfish.js?ver=2.0.2 HTTP/1.1” 200 2679 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.3.2 HTTP/1.1” 200 4043 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.mmenu.oncanvas.js?ver=2.0.2 HTTP/1.1” 200 5322 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.mmenu.navbars.js?ver=2.0.2 HTTP/1.1” 200 1511 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.mmenu.offcanvas.js?ver=2.0.2 HTTP/1.1” 200 2728 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:06 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.mmenu.autoheight.js?ver=2.0.2 HTTP/1.1” 200 1264 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.flexslider.js?ver=2.0.2 HTTP/1.1” 200 12166 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.fitvids.js?ver=2.0.2 HTTP/1.1” 200 1806 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.matchHeight.js?ver=2.0.2 HTTP/1.1” 200 3384 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/themes/brittany/brittany/js/scripts.js?ver=2.0.2 HTTP/1.1” 200 2493 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/themes/brittany/brittany/js/jquery.magnific-popup.js?ver=2.0.2 HTTP/1.1” 200 14314 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/themes/brittany/brittany/js/slick.js?ver=2.0.2 HTTP/1.1” 200 13702 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-includes/js/wp-embed.min.js?ver=5.3.4 HTTP/1.1” 200 1089 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-includes/js/wp-emoji-release.min.js?ver=5.3.4 HTTP/1.1” 200 4977 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/uploads/2016/04/shutterstock237798787.jpg HTTP/1.1” 200 128723 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/uploads/2016/04/5-1920x850.jpg HTTP/1.1” 200 160294 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:07 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 4343 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
112.118.7.200 - - [01/Jul/2020:09:23:08 +0000] “GET /wp-content/uploads/2016/04/imageedit13906533807.png HTTP/1.1” 200 58851 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/uploads/2017/06/shutterstock393318367.jpg HTTP/1.1” 200 1566132 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:08 +0000] “GET /wp-content/themes/brittany/brittany/assets/fontawesome/webfonts/fa-brands-400.woff2 HTTP/1.1” 200 72375 “http://www.chewing.com.hk/wp-content/themes/brittany/brittany/assets/fontawesome/css/all.min.css?ver=2.0.2” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:08 +0000] “GET /wp-content/themes/brittany/brittany/assets/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1” 200 74611 “http://www.chewing.com.hk/wp-content/themes/brittany/brittany/assets/fontawesome/css/all.min.css?ver=2.0.2” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:08 +0000] “GET /wp-content/themes/betheme/functions/builder/assets/builder.css?ver=1593595388 HTTP/1.1” 200 6376 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:08 +0000] “GET /wp-content/plugins/wp-live-chat-support/includes/blocks/wplc-inline-chat-box/includes/blocks/wplc-inline-chat-box/editor.css?ver=8.1.9 HTTP/1.1” 404 96589 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-admin/post.php?post=4375&action=edit HTTP/1.1” 200 203606 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
139.59.96.33 - - [01/Jul/2020:09:23:08 +0000] “POST /wp-cron.php?doingwpcron=1593595388.9101660251617431640625 HTTP/1.1” 200 3320 “https://www.azinity.com/wp-cron.php?doingwpcron=1593595388.9101660251617431640625” “WordPress/5.4.2; https://www.azinity.com
84.202.100.14 - - [01/Jul/2020:09:23:08 +0000] “GET /wp-content/plugins/wp-live-chat-support/includes/blocks/wplc-chat-box/includes/blocks/wplc-chat-box/editor.css?ver=8.1.9 HTTP/1.1” 404 92806 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:09 +0000] “GET /wp-content/plugins/wp-live-chat-support/includes/blocks/wplc-chat-box/includes/blocks/wplc-chat-box/block.js?ver=8.1.9 HTTP/1.1” 404 92806 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/uploads/2017/06/shutterstock77987791.jpg HTTP/1.1” 200 918845 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/uploads/2016/04/4.jpg HTTP/1.1” 200 1465823 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:09 +0000] “GET /wp-content/plugins/wp-live-chat-support/includes/blocks/wplc-inline-chat-box/includes/blocks/wplc-inline-chat-box/block.js?ver=8.1.9 HTTP/1.1” 404 77943 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:09 +0000] “GET /wp-content/plugins/wp-live-chat-support/includes/blocks/wplc-inline-chat-box/includes/blocks/wplc-inline-chat-box/wplcfunctions.js?ver=8.1.9 HTTP/1.1” 404 77943 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
112.118.7.200 - - [01/Jul/2020:09:23:07 +0000] “GET /wp-content/uploads/2017/06/shutterstock600532826.jpg HTTP/1.1” 200 1073696 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:10 +0000] “GET /wp-content/plugins/wp-live-chat-support/includes/blocks/wplc-inline-chat-box/includes/blocks/wplc-inline-chat-box/wplcfunctions.js?ver=8.1.9 HTTP/1.1” 404 92806 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
112.118.7.200 - - [01/Jul/2020:09:23:10 +0000] “GET /wp-content/uploads/2017/05/cropped-chewing-logo-100x100.jpg HTTP/1.1” 200 3441 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:10 +0000] “GET /wp-content/uploads/2017/06/Religious-Item-360x540.jpg HTTP/1.1” 200 25037 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:10 +0000] “GET /wp-content/uploads/2017/06/Jewels-Item-360x540.jpg HTTP/1.1” 200 18225 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
112.118.7.200 - - [01/Jul/2020:09:23:10 +0000] “GET /wp-content/uploads/2017/06/Dresses-360x540.jpg HTTP/1.1” 200 20525 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:10 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1178 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:11 +0000] “GET /wp-content/themes/betheme/functions/builder/assets/builder.js?ver=1593595388 HTTP/1.1” 200 11127 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:11 +0000] “GET /wp-json/wp/v2/ HTTP/1.1” 200 105507 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:11 +0000] “GET /wp-admin/admin-ajax.php?action=smushnotices3supportrequired HTTP/1.1” 200 466 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:12 +0000] “GET /wp-json/wp/v2/media/4376?context=edit&locale=user HTTP/1.1” 200 13978 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:12 +0000] “GET /wp-json/wp/v2/users/me?locale=user HTTP/1.1” 200 5140 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:13 +0000] “GET /wp-json/wp/v2/categories?perpage=100&orderby=name&order=asc&fields=id%2Cname%2Cparent&locale=user HTTP/1.1” 200 1346 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
112.118.7.200 - - [01/Jul/2020:09:23:13 +0000] “GET /contact/ HTTP/1.1” 200 5741 “http://www.chewing.com.hk/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:13 +0000] “GET /wp-json/wp/v2/taxonomies/category?context=edit&locale=user HTTP/1.1” 200 2062 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:13 +0000] “GET /wp-json/wp/v2/categories?perpage=100&orderby=count&order=desc&fields=id%2Cname&locale=user HTTP/1.1” 200 1756 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:14 +0000] “GET /wp-content/uploads/2020/07/word-cloud-6799331280-216x146.png HTTP/1.1” 304 203 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
139.59.96.33 - - [01/Jul/2020:09:23:13 +0000] “POST /wp-cron.php?doingwpcron=1593595393.2736299037933349609375 HTTP/1.1” 200 3283 “https://www.winlandjm.com/wp-cron.php?doingwpcron=1593595393.2736299037933349609375” “WordPress/5.1.6; https://www.winlandjm.com
35.185.70.58 - - [01/Jul/2020:09:23:12 +0000] “GET /product/galvanized-steel-medicine-cabinet-3/ HTTP/1.0” 200 14766 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
112.118.7.200 - - [01/Jul/2020:09:23:14 +0000] “GET /wp-content/plugins/contact-form-7/images/ajax-loader.gif HTTP/1.1” 200 1131 “http://www.chewing.com.hk/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:14 +0000] “GET /wp-content/uploads/2020/07/word-cloud-6799331280.png HTTP/1.1” 304 204 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
::1 - - [01/Jul/2020:09:23:18 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
66.249.79.90 - - [01/Jul/2020:09:23:19 +0000] “GET /app-presentation-creative-website/ HTTP/1.1” 200 24025 “-” “Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.92 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
84.202.100.14 - - [01/Jul/2020:09:23:19 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
::1 - - [01/Jul/2020:09:23:21 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
::1 - - [01/Jul/2020:09:23:22 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
84.202.100.14 - - [01/Jul/2020:09:23:22 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 722 “https://www.azinity.com/wp-admin/index.php” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
::1 - - [01/Jul/2020:09:23:23 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
112.118.7.200 - - [01/Jul/2020:09:23:23 +0000] “GET /wp-content/uploads/2017/05/chewing-logo-transparent.png HTTP/1.1” 200 59901 “http://www.chewing.com.hk/contact/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:25 +0000] “GET /wp-json/yoast/v1/prominentwords?word=keyword+research+best+practices HTTP/1.1” 200 2109 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:25 +0000] “GET /wp-json/wp/v2/tags?perpage=100&orderby=count&order=desc&fields=id%2Cname&include=2945&locale=user HTTP/1.1” 200 1278 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:25 +0000] “GET /wp-json/wp/v2/taxonomies/posttag?context=edit&locale=user HTTP/1.1” 200 2571 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:25 +0000] “GET /wp-json/yoast/v1/prominentwords?word=keyword+research HTTP/1.1” 200 1500 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:26 +0000] “GET /wp-json/yoast/v1/prominentwords?word=research+best+practices HTTP/1.1” 200 1521 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
162.158.165.32 - - [01/Jul/2020:09:23:24 +0000] “GET /wp-login.php HTTP/1.1” 200 6104 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:09:23:26 +0000] “GET /wp-json/yoast/v1/prominentwords?word=search+intent HTTP/1.1” 200 1491 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
172.69.135.216 - - [01/Jul/2020:09:23:25 +0000] “POST /wp-cron.php?doingwpcron=1593595405.2614119052886962890625 HTTP/1.1” 200 3973 “https://www.brighteroptical.com/wp-cron.php?doingwpcron=1593595405.2614119052886962890625” “WordPress/5.4.2; https://www.brighteroptical.com
84.202.100.14 - - [01/Jul/2020:09:23:27 +0000] “GET /wp-json/yoast/v1/prominentwords?word=search+volume HTTP/1.1” 200 1491 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:27 +0000] “GET /wp-json/yoast/v1/prominentwords?word=search+terms HTTP/1.1” 200 1488 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:27 +0000] “GET /wp-json/yoast/v1/prominentwords?word=long-tail+keywords HTTP/1.1” 200 1506 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:28 +0000] “GET /wp-json/yoast/v1/prominentwords?word=search+intent+and+search+volume HTTP/1.1” 200 1545 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:28 +0000] “GET /wp-json/yoast/v1/prominentwords?word=buy+black+sneakers+in+california HTTP/1.1” 200 1548 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:29 +0000] “GET /wp-json/yoast/v1/prominentwords?word=keyword+research+best+practices+search HTTP/1.1” 200 1566 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:29 +0000] “GET /wp-json/yoast/v1/prominentwords?word=keywords HTTP/1.1” 200 1476 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
14.192.212.100 - - [01/Jul/2020:09:23:29 +0000] “POST /xmlrpc.php HTTP/1.1” 403 446 “-” “-”
84.202.100.14 - - [01/Jul/2020:09:23:30 +0000] “GET /wp-json/yoast/v1/prominentwords?word=keyword HTTP/1.1” 200 1473 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
89.43.139.166 - - [01/Jul/2020:09:23:30 +0000] “GET /wp-login.php HTTP/1.1” 200 5411 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
84.202.100.14 - - [01/Jul/2020:09:23:30 +0000] “GET /wp-json/yoast/v1/prominentwords?word=best+practices HTTP/1.1” 200 1494 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”
84.202.100.14 - - [01/Jul/2020:09:23:30 +0000] “GET /wp-json/yoast/v1/prominentwords?word=buy+black+sneakers HTTP/1.1” 200 1506 “https://www.azinity.com/wp-admin/post.php?post=4375&action=edit” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Edg/83.0.478.56”

139.59.96.33 - - [01/Jul/2020:16:32:02 +0000] “POST /wp-cron.php?doingwpcron=1593621122.5536470413208007812500 HTTP/1.1” 200 3283 “https://www.winlandjm.com/wp-cron.php?doing_wp_cron=1593621122.5536470413208007812500” “WordPress/5.1.6; https://www.winlandjm.com
46.229.168.134 - - [01/Jul/2020:16:32:01 +0000] “GET /product/wall-mounted-mailbox-26/ HTTP/1.1” 200 15496 “-” “Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)
104.196.143.164 - - [01/Jul/2020:16:32:10 +0000] “GET /handles/ HTTP/1.0” 200 7645 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
35.231.241.106 - - [01/Jul/2020:16:32:13 +0000] “GET /zh-hant/ HTTP/1.0” 200 6526 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
84.202.100.14 - - [01/Jul/2020:16:32:26 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/edit.php?s&post_status=all&post_type=page&m=202001&seo_filter&readability_filter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
35.231.241.106 - - [01/Jul/2020:16:32:48 +0000] “GET /portfolio/c-cotton-cordage/ HTTP/1.0” 200 5796 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
139.59.96.33 - - [01/Jul/2020:16:32:53 +0000] “POST /wp-cron.php?doingwpcron=1593621173.5667989253997802734375 HTTP/1.1” 200 3320 “https://www.azinity.com/wp-cron.php?doing_wp_cron=1593621173.5667989253997802734375” “WordPress/5.4.2; https://www.azinity.com
84.202.100.14 - - [01/Jul/2020:16:32:53 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/edit.php?s&post_status=all&post_type=page&m=202001&seo_filter&readability_filter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:16:32:57 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 722 “https://www.azinity.com/wp-admin/edit.php?s&post_status=all&post_type=page&m=202001&seo_filter&readability_filter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
35.231.241.106 - - [01/Jul/2020:16:32:58 +0000] “GET /portfolio/i-nylon-cordage/ HTTP/1.0” 200 5851 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
104.196.143.164 - - [01/Jul/2020:16:33:18 +0000] “GET /zh-hant/ HTTP/1.0” 200 7810 “-” “ZoominfoBot (zoominfobot at zoominfo dot com)”
139.59.96.33 - - [01/Jul/2020:16:33:27 +0000] “POST /wp-cron.php?doingwpcron=1593621207.6146600246429443359375 HTTP/1.1” 200 166 “http://www.chewing.com.hk/wp-cron.php?doing_wp_cron=1593621207.6146600246429443359375” “WordPress/5.3.4; http://www.chewing.com.hk
54.36.148.155 - - [01/Jul/2020:16:33:27 +0000] “GET / HTTP/1.1” 200 6675 “-” “Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
172.69.134.143 - - [01/Jul/2020:16:33:28 +0000] “GET /static/ecommerce/144/144080/js/scriptaculous/slider.js HTTP/1.1” 301 694 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
84.202.100.14 - - [01/Jul/2020:16:33:28 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/edit.php?s&post_status=all&post_type=page&m=202001&seo_filter&readability_filter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
54.36.149.68 - - [01/Jul/2020:16:33:28 +0000] “GET /robots.txt HTTP/1.1” 200 4099 “-” “Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
172.69.134.143 - - [01/Jul/2020:16:33:29 +0000] “GET /static/ecommerce/144/144080/js/scriptaculous/slider.js HTTP/1.1” 301 4218 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.167.192 - - [01/Jul/2020:16:33:30 +0000] “POST /wp-cron.php?doingwpcron=1593621210.5525879859924316406250 HTTP/1.1” 200 3973 “https://www.brighteroptical.com/wp-cron.php?doing_wp_cron=1593621210.5525879859924316406250” “WordPress/5.4.2; https://www.brighteroptical.com
162.158.165.162 - - [01/Jul/2020:16:33:32 +0000] “GET /static/ecommerce/144/144080/skin/frontend/rwd/ivresponsive/js/lib/matchmedia.js HTTP/1.1” 301 746 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.165.162 - - [01/Jul/2020:16:33:33 +0000] “GET /static/ecommerce/144/144080/skin/frontend/rwd/ivresponsive/js/lib/matchmedia.js HTTP/1.1” 301 4244 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.166.131 - - [01/Jul/2020:16:33:34 +0000] “GET /static/ecommerce/144/144080/js/calendar/calendar-setup.js HTTP/1.1” 301 700 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.166.131 - - [01/Jul/2020:16:33:34 +0000] “GET /static/ecommerce/144/144080/js/calendar/calendar-setup.js HTTP/1.1” 301 4221 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
172.69.135.12 - - [01/Jul/2020:16:33:36 +0000] “GET /static/ecommerce/144/144080/js/lib/ccard.js HTTP/1.1” 301 672 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
172.69.135.12 - - [01/Jul/2020:16:33:38 +0000] “GET /static/ecommerce/144/144080/js/lib/ccard.js HTTP/1.1” 301 4207 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.167.50 - - [01/Jul/2020:16:33:39 +0000] “GET /static/ecommerce/144/144080/js/mage/cookies.js HTTP/1.1” 301 678 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.167.50 - - [01/Jul/2020:16:33:40 +0000] “GET /static/ecommerce/144/144080/js/mage/cookies.js HTTP/1.1” 301 4210 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
125.131.98.219 - - [01/Jul/2020:16:33:42 +0000] “GET /wp-login.php HTTP/1.1” 301 564 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
125.131.98.219 - - [01/Jul/2020:16:33:43 +0000] “GET /wp-login.php HTTP/1.1” 200 5486 “http://www.allyintl.com/wp-login.php” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
125.131.98.219 - - [01/Jul/2020:16:33:44 +0000] “GET ///?author=1 HTTP/1.1” 301 558 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
172.68.146.148 - - [01/Jul/2020:16:33:44 +0000] “GET /static/ecommerce/144/144080/skin/frontend/rwd/ivresponsive/js/lib/matchmedia.js HTTP/1.1” 404 75939 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
125.131.98.219 - - [01/Jul/2020:16:33:45 +0000] “GET /?author=1 HTTP/1.1” 301 3394 “http://www.allyintl.com///?author=1” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
162.158.167.6 - - [01/Jul/2020:16:33:45 +0000] “GET /static/ecommerce/144/144080/js/calendar/calendar-setup.js HTTP/1.1” 404 75939 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
162.158.165.66 - - [01/Jul/2020:16:33:47 +0000] “GET /static/ecommerce/144/144080/js/lib/ccard.js HTTP/1.1” 404 75939 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
125.131.98.219 - - [01/Jul/2020:16:33:47 +0000] “GET /?author=1 HTTP/1.1” 404 23007 “https://www.allyintl.com/?author=1” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
162.158.165.78 - - [01/Jul/2020:16:33:49 +0000] “GET /static/ecommerce/144/144080/js/mage/cookies.js HTTP/1.1” 404 75939 “-” “Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)”
125.131.98.219 - - [01/Jul/2020:16:33:50 +0000] “GET ///wp-json/wp/v2/users/ HTTP/1.1” 301 580 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
125.131.98.219 - - [01/Jul/2020:16:33:52 +0000] “GET /wp-json/wp/v2/users/ HTTP/1.1” 200 4142 “http://www.allyintl.com///wp-json/wp/v2/users/” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
::1 - - [01/Jul/2020:16:33:54 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
18.230.13.131 - - [01/Jul/2020:16:33:54 +0000] “POST /xmlrpc.php HTTP/1.1” 403 463 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x8664; rv:62.0) Gecko/20100101 Firefox/62.0”
139.59.96.33 - - [01/Jul/2020:16:33:56 +0000] “POST /wp-cron.php?doingwpcron=1593621235.6483728885650634765625 HTTP/1.1” 200 3320 “https://www.azinity.com/wp-cron.php?doingwpcron=1593621235.6483728885650634765625” “WordPress/5.4.2; https://www.azinity.com
84.202.100.14 - - [01/Jul/2020:16:33:55 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/edit.php?s&poststatus=all&posttype=page&m=202001&seofilter&readabilityfilter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
84.202.100.14 - - [01/Jul/2020:16:33:59 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 722 “https://www.azinity.com/wp-admin/edit.php?s&poststatus=all&posttype=page&m=202001&seofilter&readabilityfilter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”
157.55.39.80 - - [01/Jul/2020:16:34:00 +0000] “GET /how-to-sell-home-decor-online/ HTTP/1.1” 200 33149 “-” “Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
::1 - - [01/Jul/2020:16:34:07 +0000] “OPTIONS * HTTP/1.0” 200 126 “-” “Apache/2.4.43 (Ubuntu) OpenSSL/1.1.1g (internal dummy connection)”
58.10.101.92 - - [01/Jul/2020:16:34:15 +0000] “POST /xmlrpc.php HTTP/1.1” 403 442 “-” “-”
66.249.68.40 - - [01/Jul/2020:16:34:23 +0000] “GET / HTTP/1.1” 301 277 “-” “Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.92 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
66.249.79.181 - - [01/Jul/2020:16:34:24 +0000] “GET / HTTP/1.1” 200 6580 “-” “Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.92 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
84.202.100.14 - - [01/Jul/2020:16:34:30 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 1286 “https://www.azinity.com/wp-admin/edit.php?s&poststatus=all&posttype=page&m=202001&seofilter&readability_filter&paged=1” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”

Reply Report
Azinity July 2, 2020

hi there,

we’d like to share some htop output which shows that both cores maxed out with surprisingly few apache2 child processes running which is different from the phenomenon for the past few days where apache2 child processes were running when the sites are down.

any suggestion will be highly appreciated.

br, tom

1 [||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||100.0%] Tasks: 123, 130 thr; 76 running
2 [||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||100.0%] Load average: 13.70 4.06 1.55
Mem[|||||||||||||||||||||||||||||||||||||||||||||||||||||||||1.64G/1.95G] Uptime: 4 days, 00:33:30
Swp[ 0K/0K]

PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
14378 root 20 0 25316 3348 2156 R 1.0 0.2 0:45.14 htop
1663 root 20 0 509M 13164 0 S 0.0 0.6 3:05.51 python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2
14289 root 20 0 92800 2508 1528 S 0.0 0.1 0:00.89 sshd: root@pts/0
1 root 20 0 180M 4752 3016 S 0.0 0.2 0:11.79 init
632 root 20 0 38248 4244 1788 S 0.0 0.2 0:14.15 systemd-journald
673 root 20 0 94772 532 356 S 0.0 0.0 0:00.00 lvmetad -f
709 root 20 0 42512 2456 1652 S 0.0 0.1 0:00.52 systemd-udevd
949 systemd-t 20 0 97M 244 0 S 0.0 0.0 0:00.00 systemd-timesyncd
947 systemd-t 20 0 97M 244 0 S 0.0 0.0 0:00.55 systemd-timesyncd
1430 root 20 0 662M 1116 968 S 0.0 0.1 0:00.38 lxcfs /var/lib/lxcfs/
1432 root 20 0 662M 1116 968 S 0.0 0.1 0:00.38 lxcfs /var/lib/lxcfs/
30581 root 20 0 662M 1116 968 S 0.0 0.1 0:00.30 lxcfs /var/lib/lxcfs/
30582 root 20 0 662M 1116 968 S 0.0 0.1 0:00.33 lxcfs /var/lib/lxcfs/
30583 root 20 0 662M 1116 968 S 0.0 0.1 0:00.31 lxcfs /var/lib/lxcfs/
30584 root 20 0 662M 1116 968 S 0.0 0.1 0:00.31 lxcfs /var/lib/lxcfs/
30585 root 20 0 662M 1116 968 S 0.0 0.1 0:00.30 lxcfs /var/lib/lxcfs/
30586 root 20 0 662M 1116 968 S 0.0 0.1 0:00.23 lxcfs /var/lib/lxcfs/
24670 root 20 0 662M 1116 968 S 0.0 0.1 0:00.14 lxcfs /var/lib/lxcfs/
1402 root 20 0 662M 1116 968 S 0.0 0.1 0:02.76 lxcfs /var/lib/lxcfs/
1403 root 20 0 5216 116 0 S 0.0 0.0 0:14.95 iscsid
1405 root 10 -10 5716 3528 2440 S 0.0 0.2 1:09.39 iscsid
1407 root 20 0 4392 1144 1056 S 0.0 0.1 0:00.00 acpid
1419 root 20 0 27728 2096 1816 S 0.0 0.1 0:01.09 cron -f
1423 messagebu 20 0 42888 1764 1272 S 0.0 0.1 0:01.31 dbus-daemon –system –address=systemd: –nofork –nopidfile –systemd-activation
1469 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:06.87 do-agent –syslog
1470 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:09.46 do-agent –syslog
1471 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:09.43 do-agent –syslog
1472 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:00.00 do-agent –syslog
1606 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:10.98 do-agent –syslog
1607 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:10.07 do-agent –syslog
1695 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:08.70 do-agent –syslog
14312 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:01.94 do-agent –syslog
16723 do-agent 20 0 446M 13016 6492 S 0.0 0.6 0:05.60 do-agent –syslog
1440 do-agent 20 0 446M 13016 6492 S 0.0 0.6 1:14.55 do-agent –syslog
1443 daemon 20 0 26044 1168 964 S 0.0 0.1 0:00.01 atd -f
1536 syslog 20 0 250M 1872 0 S 0.0 0.1 0:01.11 rsyslogd -n
1537 syslog 20 0 250M 1872 0 S 0.0 0.1 0:04.06 rsyslogd -n
F1Help F2Setup F3SearchF4FilterF5Tree F6SortByF7Nice -F8Nice +F9Kill F10Quit

1 [||||||||||||||||||||||||100.0%] Tasks: 155, 125 thr; 65 running
2 [||||||||||||||||||||||||100.0%] Load average: 14.69 4.99 1.88
Mem[|||||||||||||||||||1.65G/1.95G] Uptime: 4 days, 05:33:51
Swp[ 0K/0K]

PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
22709 root 20 0 24804 2488 1608 R 0.7 0.1 0:21.18 htop
1663 root 20 0 509M 13212 36 S 0.0 0.6 3:15.53 python3 /usr/bin/
632 root 20 0 38248 4156 1700 S 0.0 0.2 0:14.86 systemd-journald
1405 root 10 -10 5716 3528 2440 S 0.0 0.2 1:12.91 iscsid
1 root 20 0 180M 4664 2928 S 0.0 0.2 0:12.26 init
1451 syslog 20 0 250M 2480 608 S 0.0 0.1 0:07.60 rsyslogd -n
1711 root 20 0 509M 13212 36 S 0.0 0.6 0:07.68 python3 /usr/bin/
1712 root 20 0 509M 13212 36 S 0.0 0.6 0:52.88 python3 /usr/bin/
1403 root 20 0 5216 116 0 S 0.0 0.0 0:15.71 iscsid
1683 root 20 0 568M 14320 5032 S 0.0 0.7 1:03.28 apache2 -k start
22500 root 20 0 92800 1568 596 S 0.0 0.1 0:00.42 sshd: root@pts/0
1693 root 20 0 509M 13212 36 S 0.0 0.6 0:56.93 python3 /usr/bin/
1699 root 20 0 509M 13212 36 S 0.0 0.6 0:55.73 python3 /usr/bin/
673 root 20 0 94772 532 356 S 0.0 0.0 0:00.00 lvmetad -f
709 root 20 0 42512 1988 1184 S 0.0 0.1 0:00.53 systemd-udevd
949 systemd-t 20 0 97M 344 100 S 0.0 0.0 0:00.00 systemd-timesyncd

1 [||||||||||||||||||||||||100.0%] Tasks: 116, 122 thr; 62 running
2 [||||||||||||||||||||||||100.0%] Load average: 19.69 5.53 1.95
Mem[|||||||||||||||||||1.76G/1.95G] Uptime: 4 days, 07:37:05
Swp[ 0K/0K]

PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
22709 root 20 0 24828 3028 2124 R 0.7 0.1 1:06.94 htop
1663 root 20 0 509M 13180 0 S 0.0 0.6 3:19.69 python3 /usr/bin/
632 root 20 0 38248 4216 1760 S 0.0 0.2 0:15.06 systemd-journald
1405 root 10 -10 5716 3528 2440 S 0.0 0.2 1:14.35 iscsid
1 root 20 0 180M 4452 2716 S 0.0 0.2 0:12.38 init
1451 syslog 20 0 250M 1788 0 S 0.0 0.1 0:07.69 rsyslogd -n
1711 root 20 0 509M 13180 0 S 0.0 0.6 0:07.88 python3 /usr/bin/
1712 root 20 0 509M 13180 0 S 0.0 0.6 0:53.82 python3 /usr/bin/
1403 root 20 0 5216 116 0 S 0.0 0.0 0:16.03 iscsid
1683 root 20 0 568M 14404 5116 S 0.0 0.7 1:04.07 apache2 -k start
22500 root 20 0 92800 1572 584 S 0.0 0.1 0:02.52 sshd: root@pts/0
1693 root 20 0 509M 13180 0 S 0.0 0.6 0:58.37 python3 /usr/bin/
1699 root 20 0 509M 13180 0 S 0.0 0.6 0:56.76 python3 /usr/bin/
673 root 20 0 94772 532 356 S 0.0 0.0 0:00.00 lvmetad -f
709 root 20 0 42512 1184 380 S 0.0 0.1 0:00.54 systemd-udevd
949 systemd-t 20 0 97M 244 0 S 0.0 0.0 0:00.00 systemd-timesyncd

Reply Report
Kay86 July 3, 2020

I am new to DO

I have a basic $5 droplet in London region with nothing inside of it installed with just a basic CentOS. I haven’t done anything nor have I even logged into console or changed the root password yet.

To my surprise, the CPU is spiking every hour with the odd load spike too!?

See attached link to image Screenshot here

Reply Report
  • Azinity July 6, 2020

    hi @Kay86,

    well, i guess yours has one virtual core and your cpu load average is well below 1 so i believe your website works during the cpu spike. am i right in saying that?

    however, my problem is cpu load spikes up to 20-40 while having only two cores. this killed the mysql process and all our sites were down.

    the DO support did not reply to me even after two tickets opened! you can other forums like https://stackoverflow.com/, https://askubuntu.com/, etc. if you have any issues but got no reply from the DO support.

    good luck!

    br,
    tom

    Reply Report
Azinity July 6, 2020

hi @bobbyiliev,

i ran your script and came up with the below results. i got some hints from a guy on unix.com community who suggested some very aggressive, rogue, unidentified bots originating on Chinese networks! however, i don’t find anything malicious or anomalous in the second session where the cpu load spiked and mysql was killed. am i missing something?? any idea?

Top 20 GET requests:
76   GET  /wp-content/themes/bridge/css/style_dynamic_responsive_callback.php
80   GET  /wp-includes/js/jquery/ui/tabs.min.js
81   GET  /wp-includes/js/comment-reply.min.js
83   GET  /wp-includes/js/jquery/ui/accordion.min.js
83   GET  /wp-includes/js/jquery/ui/sortable.min.js
84   GET  /wp-includes/js/jquery/ui/core.min.js
84   GET  /wp-includes/js/jquery/ui/widget.min.js
85   GET  /wp-includes/js/jquery/ui/mouse.min.js
88   GET  /wp-includes/css/dist/block-library/style.min.css
92   GET  /wp-content/uploads/2014/05/logo_urban.png
93   GET  /wp-includes/js/wp-emoji-release.min.js
107  GET  /wp-content/plugins/contact-form-7/includes/css/styles.css
116  GET  /wp-includes/js/wp-embed.min.js
122  GET  /wp-includes/js/jquery/jquery-migrate.min.js
125  GET  /wp-content/plugins/contact-form-7/includes/js/scripts.js
126  GET  /wp-includes/js/jquery/jquery.js
308  GET  /wp-json/yoast/v1/prominent_words
396  GET  /robots.txt
574  GET  /wp-login.php
663  GET  /

Most Recent top 20 GET requests:
2   GET  /wp-content/plugins/cssigniter-shortcodes/src/fonts/fontawesome-webfont.woff2
2   GET  /wp-content/plugins/cssigniter-shortcodes/src/js/jquery.flexslider.js
2   GET  /wp-content/themes/technico/js/superfish.js
2   GET  /wp-includes/js/jquery/jquery.js
2   GET  /wp-includes/js/jquery/jquery-migrate.min.js
2   GET  /wp-includes/js/wp-embed.min.js
2   GET  /wp-json/oembed/1.0/embed
2   GET  ///wp-json/wp/v2/users/
2   GET  /zh-hant/
2   GET  /zh-hant/%E6%B2%96%E5%A3%93%E6%A9%9F/
3   GET  /contact/
3   GET  /dev/wp-admin/
3   GET  //install/
3   GET  /reborny/about/
4   GET  /&nbsp
4   GET  /website-design-service-blog/&nbsp
12  GET  /southchinastring/
25  GET  /wp-login.php
50  GET  /robots.txt
74  GET  /

Top 20 POST requests for:
4     POST  /wp-json/contact-form-7/v1/contact-forms/5/feedback
4     POST  //wp-login.php
5     POST  //cate/dangdouqiao.ASp
5     POST  //xmlrpc.php
6     POST  /wp-admin/update-core.php
6     POST  /zh-hant/
8     POST  /hotcrafthobby/
16    POST  /wp-admin/post.php
16    POST  /wp-json/wp/v2/posts/4426
18    POST  /wp-json/yoast/v1/prominent_words_link/4426
54    POST  /wp-content/plugins/wp-phpmyadmin-extension/lib/phpMyAdmin_1JjuZITe0KGPznkN9D6l5dX/error_report.php
65    POST  /southchinastring/wp-login.php
77    POST  /
99    POST  /hotcrafthobby/wp-cron.php
163   POST  /hotcrafthobby/wp-admin/admin-ajax.php
227   POST  /wp-json/wp/v2/yst_prominent_words
535   POST  /xmlrpc.php
575   POST  /wp-login.php
1359  POST  /wp-cron.php
1925  POST  /wp-admin/admin-ajax.php

Most Recent top 20 POST requests:
1    POST  /assets/images/blackhat.php
1    POST  /components/com_jce/editor/tiny_mce/plugins/imgmanager_ext/classes/image/imagick.php
1    POST  /contact/
1    POST  /error-logs.php
1    POST  /wp-admin/includes/lock46.php
1    POST  /wp-content/plugins/way2register.php
1    POST  /wp-json/contact-form-7/v1/contact-forms/5/feedback
1    POST  /wp-json/contact-form-7/v1/contact-forms/9/feedback
2    POST  /
2    POST  //cbvvc/mupiaowen.asp
2    POST  /hotcrafthobby/wp-cron.php
2    POST  /zh-hant/
15   POST  /xmlrpc.php
20   POST  /wp-login.php
65   POST  /southchinastring/wp-login.php
109  POST  /wp-cron.php
217  POST  /wp-admin/admin-ajax.php

Top 20 IP addresses that have been accessing your site:
Do you want geo location check for the IPs? [yes/no]
yes
3948    84.202.100.14    Norway
1311    139.59.96.33    Singapore
995    222.79.50.74    China
837    110.167.93.145    China
772    124.235.138.14    China
722    223.166.74.9    China
682    113.128.105.94    China
628    27.211.56.183    China
556    1.30.28.77    China
549    222.94.212.104    China
543    58.244.10.241    China
488    185.69.144.24    United Kingdom
445    222.94.195.46    China
432    121.57.12.85    China
361    121.57.229.55    China
294    113.128.105.226    China
283    114.33.16.191    Taiwan
251    61.238.142.146    Hong Kong
230    210.3.196.182    Hong Kong

Most Recent top 20 IP addresses:
185    84.202.100.14    Norway
104    139.59.96.33    Singapore
87    62.210.143.10    France
73    183.89.212.199    Thailand
69    36.237.55.63    Taiwan
59    180.215.255.141    India
31    110.235.33.135    India
16    77.75.77.101    Czech Republic
13    216.244.66.226    United States
10    34.73.85.242    United States
7    77.88.5.176    Russian Federation
6    199.58.86.211    United States
5    35.231.80.6    United States
5    216.244.66.230    United States
5    193.106.30.99    Ukraine
4    66.249.65.134    United States
4    64.202.185.246    United States
4    62.84.58.177    Kazakhstan
4    46.229.168.163    United States
edited by bobbyiliev
Reply Report
  • bobbyiliev July 6, 2020

    Hi there @Azinity,

    As far as I can see there are quite a lot of requests from that one specific IP address based in Norway, if this is not your personal IP, you could try denying the IP via your firewall.

    On another note, what I could suggest in your case is possibly enabling Cloudflare for your website, that way your Droplet’s IP would be hidden behind the Cloudflare CDN, and people would not actually reach the Droplet directly.

    This should reduce the overall load on the server, and also Cloudflare has free DDoS protection, so in case you notice any CPU spikes again, you could enable the DDoS protection.

    You can also block whole countries via Cloudflare in case that you need to.

    Hope that this helps!
    Regards,
    Bobby

    Reply Report
Azinity July 7, 2020

Hi @bobbyiliev,

Thank you so much for your suggestions.

Since I ain’t a server guy, what you have suggested has indeed given me some insights. To be honest with you, we have yet to fix the mysterious hourly CPU load spike which cripples our websites for almost a minute every hour! No one from the DO support team ever replied to our tickets! That’s ridiculous!

I have also posted on many forums like askubuntu, unix.com, etc. but no one figures out what the root cause is.

Yes, we have offices in Norway, UK, HK, and China so those are our IPs. Our China office uses VPN which means their IPs vary from time to time. So how can we find out which IPs from China are malicious? Shall we block those IPs?

Besides, do you think if migrating to another server or service provider will help?

Any more suggestions would be highly appreciated!

BR,
Tom

Reply Report
  • bobbyiliev July 7, 2020

    Hi there @Azinity,

    From the information that you’ve provided, it might be just that you are getting to much legitimate traffic and not really any malicious traffic.

    What I could suggest in your case is, trying to optimize Apache and your Website so that it does not use so much CPU. To do so you could consider changing your current PHP handler from mod_php to PHP-FPM for example and also adding some WordPress caching to reduce the overall load on the server.

    Another thing you could consider is adding a couple more CPUs to your server, as you currently only have 2 which might not be enough for the amount of traffic that you get at once.

    I don’t think that it is anything to do with the service provider in this case, you just need to find the bottleneck and optimize.

    Hope that this helps!
    Regards,
    Bobby

    Reply Report
Azinity July 8, 2020

hi @bobbyiliev,

thanks for your suggestions.

i ain’t a server guy so please correct me if i am wrong.

if you look at the performance graph, even when the cpu load average (1 min) peaks at 20.71, the cpu hit 46.47% only and the memory hit 53%. the highest cpu and memory have never exceeded 57.5% and 88% respectively. so will simply adding more cpu solve the issue?

why was the cpu graph still showing 57.5% when the cpu load average spiked to 20.71?

br,
tom

Reply Report
Azinity July 8, 2020

hi @bobbyiliev,

besides, the spike hits exactly every hour! here is the performance graph. it is so systematic that they don’t seem to be any traffic from our office or legit users!!

what do you think?

br,
tom

Reply Report
  • bobbyiliev July 9, 2020

    Hi there,

    As it spikes every hour, it mostlikely is caused by a cronjob on your server.

    I would recommend checking your cron jobs and possibly making them run during non-busy times for your website so that they don’t cause issues for your visitors.

    Let me know how it goes!
    Regards,
    Bobby

    Reply Report
Previous 1 2 Next
Load More Answers

Related

Looking for something else?

Ask a new question Search for more help