Quote:
Originally Posted by Zverka
hmmm this is highly unusual unless it is vps with 32mb of RAM.
Anyway by any chance you are running WP sites on that server? And must be one at least on the server, who dosen't have it  nowdays. The real culprit could be xmlrpc.php in root of wp site. I have seen recently many attacks on this file and one Quad Core server which usual load is about 2-3 constantly, suddently go high up to 40 because of those attacks from many bad bots trying to hacks wp site thru xmlrpc.
Run this against access.log (apache or nginx) to see if there are many access attempts to xmlrpc.php
grep xmlrpc access.log | cut -d' ' -f1 | sort | uniq -c | sort -rn | head -n8
Those attacks are usually frequent on weekends when "hackers" are out from school and they are hacking sites from their free amazone instances ;)
I forbid access to xmlrpc.php in nginx and they are gone; since then server is cool.
More info here Disable XML-RPC in WordPress to Prevent DDoS Attack - BlogAid
Hope this will help someone
|
Thats pretty helpful. Thanks a lot. Yes there are some WP sites and bots have been hitting certain files, usually search or jpg related.