Need advice on my website

jcaleb Member

Note: I am a newbie admin. Please be kind to me.

I am hosting about 5 domains on a single web server (nginx + php-fpm). All working well for many months (600 visitors a day combined).

Suddenly, last Friday, NGINX is reporting 504 gateway timeout. I try restarting nginx and php, and my website worked. After a minute or two, 504 again.

I repeated several times restarting, but with the same result.

When I checked my logs, I discovered the problem. One of my domains is being accessed multiple times a second. It has been for several hours (8 hrs), and it overwhelms php-fpm.

The surprising thing is, this domain is idle. Just a blank wordpress. It is also un-interesting as it is in my native local language.

What could be a possible reason for this?

And because I am a genius admin, I deleted my logs, and can't analyze much now. I just removed the site from my vps.

Any hint on what I need to put on iptables or nginx to prevent this?

Comments

  • Maybe a Wordpress admin bruteforcer? But if you're being overloaded by that, there's another problem at heart.

  • Probably a bruteforce. Moving it off the VPS and point it elsewhere (like 127.0.0.1) is a good option when you're not using the domain.

  • DDoS, an abusive crawler, your wordpress installation is used to attack others.
    You could implement some rate-limiting for your nginx setup.
    Go to the php-section of your nginx config and implement something like this:

    location ~ \.php$ {
        limit_req zone=limit burst=4 nodelay;
        # ... existing fastcgi/php-fpm settings stay here ...
    }

    Also, in your main nginx config (nginx.conf) in the http part, add:

    http {
        limit_req_zone $binary_remote_addr zone=limit:50m rate=4r/s;
        # ... rest of the http block ...
    }

    This will limit requests to both http and php. If you have multiple site configs you'd have to add the php part to each of them.

  • MunMun Member

    if you could look into your logs for that vhost and give us a sample it would be helpful.

  • I got a similar situation a few weeks ago.

    Bots kept hitting xmlrpc.php, which is shipped with WordPress. PHP could not handle it and was hanging, and I was getting a message saying that I should increase the number of children in php-fpm logs.

    I finally just set nginx to respond a 403 when trying to access xmlrpc.php and my problems vanished. However I have read that this file was used for the pingback system so this solution may not be suitable for everyone.

    Thanked by 1: jcaleb
  • This might not be linked, but I had a similar situation with haproxy recently: haproxy was hitting the backend server to check if it was online several times a minute because of the "listen" directive. I think nginx being a reverse proxy and all, it could be doing the same?

  • @Edouard said:
    I got a similar situation a few weeks ago.

    Bots kept hitting xmlrpc.php, which is shipped with WordPress. PHP could not handle it and was hanging, and I was getting a message saying that I should increase the number of children in php-fpm logs.

    I finally just set nginx to respond a 403 when trying to access xmlrpc.php and my problems vanished. However I have read that this file was used for the pingback system so this solution may not be suitable for everyone.

    XML-RPC Pingback. Your site was participating in a DDoS attack.

    Check here to verify:
    http://labs.sucuri.net/?is-my-wordpress-ddosing

    If not, whoever was attacking didn't target any sucuri and their proxy service.

    Thanked by 1: jcaleb
  • Edouard said: pingback system so this solution may not be suitable for everyone.

    From what I've read and heard, Pingback is not worth it anymore, is that right?

  • nexmark said: XML-RPC Pingback, Your site was participating in a DDoS Attack

    Check here to verify http://labs.sucuri.net/?is-my-wordpress-ddosing
    If not whoever was attacking didn't target any sucuri and their proxy service.

    I checked my domain and it says:

    Warning: Your Website http://xxxxxxxx.com was USED for DDOS.

    Can you share your change in config, @Edouard? I don't really care about pingback.

  • jcaleb said: Can you share your change in config, @Edouard? I don't really care about pingback.

    Try this: http://wptavern.com/how-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks

    Thanked by 1: jcaleb
  • thank you @ihatetonny
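
Added example, not part of the thread: a small triage script for the kind of access log MunMun asked to see, counting POSTs to the two WordPress endpoints named above (xmlrpc.php and wp-login.php) and listing client IPs whose per-second peak exceeds the 4r/s suggested earlier. The function name `triage`, the nginx "combined" log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} '
)

# Endpoints raised in the thread: pingback abuse and admin login brute force.
WATCHED = {"/xmlrpc.php": "xmlrpc", "/wp-login.php": "login"}

def triage(lines, per_second_limit=4):
    """Return (POST count per watched endpoint, noisy IPs, unparsed line count)."""
    by_endpoint = Counter()
    per_ip_second = Counter()
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # keep a count instead of silently dropping
            continue
        # Log timestamps have one-second resolution, so (ip, ts) is a 1s bucket.
        per_ip_second[(m["ip"], m["ts"])] += 1
        path = m["path"].split("?", 1)[0]   # ignore any query string
        if m["method"] == "POST" and path in WATCHED:
            by_endpoint[WATCHED[path]] += 1
    # Peak requests in any single second, per client IP.
    peaks = {}
    for (ip, _), n in per_ip_second.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    noisy = {ip: n for ip, n in peaks.items() if n > per_second_limit}
    return by_endpoint, noisy, unparsed

# Constructed sample lines (documentation-range IPs), not real log data.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] '
    '"POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"'
] * 6 + [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 1800 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    endpoints, noisy, bad = triage(SAMPLE)
    print("POSTs per endpoint:", dict(endpoints))
    print("IPs over limit:", noisy)
    print("unparsed lines:", bad)
```

To use it on a real log, pass an open file object for that vhost's access log as `lines`.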
