Does your server have a high load when you run Apache?

What’s going on? Do you reboot your server only to have it crash after a few seconds? Are you using WordPress?

The first thing to do is check whether somebody is running a brute force attack against your WordPress installation. If you have multiple installations inside the same virtual machine, an out-of-memory problem will freeze your host.

There are different kinds of brute force attack; today we are talking about the latest one we had to face in our work. In many cases a server that has not been protected or optimized can experience issues or errors after receiving even a small amount of malicious traffic. These attacks exhaust system resources, causing services like MySQL to become unresponsive.

WordPress uses XML-RPC to execute functions remotely. The same functionality can also be exploited to send thousands of requests to WordPress in a short amount of time. This scenario is effectively a brute force attack.

Your WordPress site is receiving XML-RPC attacks if the commands above result in many lines of output, similar to this example:

xxx.com:80 191.96.249.20 - [21/Jul/2016:07:51:11 +0200] "POST /xmlrpc.php HTTP/1.0" 403 0 "
xxx.com:80 191.96.249.20 - [21/Jul/2016:07:51:11 +0200] "POST /xmlrpc.php HTTP/1.0" 403 495 "
xxx.com:80 191.96.249.20 - [21/Jul/2016:07:51:12 +0200] "POST /xmlrpc.php HTTP/1.0" 403 495 "
xxx.com:80 191.96.249.20 - [21/Jul/2016:07:51:12 +0200] "POST /xmlrpc.php HTTP/1.0" 403 495 "
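One way to measure this pattern in an access log, as an added example that is not part of the original post: the function counts POST requests to xmlrpc.php per client address and lists the clients at or above a threshold. The function names, the threshold default and the sample log lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client count of POST requests to xmlrpc.php.
# Usage: xmlrpc_talkers [MIN_HITS] < access.log   (MIN_HITS defaults to 100)

xmlrpc_talkers() {
    min_hits="${1:-100}"
    awk -F'"' -v min="$min_hits" '
    {
        # $1 = text before the request line, $2 = the request line itself
        n = split($2, req, " ")
        if (n < 2 || req[1] != "POST") next
        uri = req[2]
        sub(/\?.*$/, "", uri)              # ignore any query string
        if (uri !~ /\/xmlrpc\.php$/) next  # also matches /blog/xmlrpc.php

        split($1, pre, " ")
        # A leading "vhost:port" field (as in the log above) has exactly one
        # colon; plain common/combined logs start with the client address.
        first = pre[1]
        client = (gsub(/:/, ":", first) == 1) ? pre[2] : pre[1]
        hits[client]++
    }
    END {
        for (c in hits)
            if (hits[c] >= min) print hits[c], c
    }' | sort -k1,1nr -k2,2
}

# Constructed sample input (not real traffic), mixing both log layouts.
sample_log() {
    cat <<'EOF'
example.test:80 192.0.2.10 - [21/Jul/2016:07:51:11 +0200] "POST /xmlrpc.php HTTP/1.0" 403 495 "-"
example.test:80 192.0.2.10 - [21/Jul/2016:07:51:11 +0200] "POST /xmlrpc.php HTTP/1.0" 403 495 "-"
example.test:80 192.0.2.10 - [21/Jul/2016:07:51:12 +0200] "POST /xmlrpc.php HTTP/1.0" 403 495 "-"
example.test:80 192.0.2.10 - [21/Jul/2016:07:51:12 +0200] "POST /blog/xmlrpc.php?x=1 HTTP/1.0" 403 495 "-"
example.test:80 198.51.100.7 - [21/Jul/2016:07:51:13 +0200] "GET /xmlrpc.php HTTP/1.1" 405 42 "-"
example.test:80 198.51.100.7 - [21/Jul/2016:07:51:14 +0200] "POST /wp-login.php HTTP/1.1" 200 1500 "-"
2001:db8::5 - - [21/Jul/2016:07:51:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370
2001:db8::5 - - [21/Jul/2016:07:51:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.9 - - [21/Jul/2016:07:51:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370
EOF
}

# Clients with at least 2 XML-RPC POSTs in the sample
sample_log | xmlrpc_talkers 2
```

On a real server, feed it the virtual host's access log on standard input and pick a threshold that fits the site's normal XML-RPC usage.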

The XML-RPC block can be applied manually to your Apache or Nginx configuration.

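<VirtualHost>
…    
    # Refuse every request for xmlrpc.php, including legitimate XML-RPC clients.
    # Apache 2.2 access-control syntax; Apache 2.4 accepts it only with
    # mod_access_compat loaded.
    <Files xmlrpc.php>
      Order allow,deny
      Deny from all
    </Files>
</VirtualHost>
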
Davide Peri

Founder of pesav.com