ispconfig we high cpu load / stop brute force attacks against xmlrpc.php

Reading Time: 1 minute

I was searching for problem, based on debian virtual server and ispconfig. There was  high cpu load about 100%.

Finally were two problems.

1.st .xmlrrpc attack  found in apache log

cat /var/log/apache2/access.log

For fixing this issue just disable in .htaccess accessing file to attacker

nano  /var/www/site.cz/web/.htaccess and

just add this line at the end of .htaccess


<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xx.xxx

</Files>


you can allow it from known ip address and xx represents you ip address

 

2.nd

on this virtual machine was also high cpu load because of plugin wp-security plugin

this verion of plugin due to error which requested writing some information into sql table made incredibly large error log

which is located based on ispconfig and debian 9 cat /var/www/yoursite.cz/log/error.log

after probing log file a and discovering error and deleting plugin was all working perfectly.