I was searching for problem, based on debian virtual server and ispconfig. There was high cpu load about 100%.
Finally were two problems.
1.st .xmlrrpc attack found in apache log
cat /var/log/apache2/access.log
For fixing this issue just disable in .htaccess accessing file to attacker
nano /var/www/site.cz/web/.htaccess and
just add this line at the end of .htaccess
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xx.xxx
</Files>
you can allow it from known ip address and xx represents you ip address
2.nd
on this virtual machine was also high cpu load because of plugin wp-security plugin
this verion of plugin due to error which requested writing some information into sql table made incredibly large error log
which is located based on ispconfig and debian 9 cat /var/www/yoursite.cz/log/error.log
after probing log file a and discovering error and deleting plugin was all working perfectly.