Hi resource usage

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    I would need some more details:
    1. How many HTTP requests per seconds is the attack ? You can post a small sample of your HTTP access log here.
    2. Is this your own server (i.e., you set it up yourself) or a shared hosting account ?
    3. Do you have any opcode cache enabled ? That would help to lower the load.

    Thread Starter jgjh151

    (@jgjh151)

    1. It was around 10/ sec
    2. Own server
    3. PHP Apc is installed and set up

    Misc info: After a while, I added a line to the site’s nginx conf to deny the ip. Luckily it was from a single IP so this helped. After I did this, resources went down since nginx was hanfdling the requests. Before this, php-fpm was was using high cpu.

    Sample (IP edited):

    96.8.abc.xyz - - [12/Aug/2014:12:00:47 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:00:47 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:00:52 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:00:57 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:00:58 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:03 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:04 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:10 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:10 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:15 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:20 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:20 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:20 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:20 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:20 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:26 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:26 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:26 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:26 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:26 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
96.8.abc.xyz - - [12/Aug/2014:12:01:26 -0400] "POST /wp-login.php HTTP/1.0" 403 162 "-" "-"
    Plugin Author nintechnet

    (@nintechnet)

    What are your server specs (CPU, RAM..) ?
    This is a very small attack, it should not even be noticed.
    Today I had a similar attack running for 3 hours on a small dual-core VPS with 1GB RAM, Nginx 1.4.4 + PHP-FPM 5.5.1. The load was 0.13.

    Thread Starter jgjh151

    (@jgjh151)

    It’s 2gb, 2 cores VPS. Load was around 15%. Nginx 1.2.1 + PHP-FPM 5.4. I had same thing happen last night for 2 sites on this server at same time and load was around 40%. I don’t know it just seems to be using a lot of cpu from php while hitting the login file over and over. Maybe I need to change something on server, but not sure what. It’s pretty optimized at this point.

    Plugin Author nintechnet

    (@nintechnet)

    You may need to have a look at your PHP-FPM pool(s) configuration and try to tweak it. Then, you could simply and quickly test the new settings by running a small test attack with the ApacheBench tool and, if needed, adjust your settings accordingly.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hi resource usage’ is closed to new replies.

Tags