Web pages not displaying

Email, FTP and access to web panels are okay, but no web pages are showing (WordPress site etc.). For example, when I enter www.jmb01.com in the browser address bar nothing happens, just a blank screen.

Status: 
Active

Comments

Howdy -- hmm, the domain "jmb01.com" resolves to the IP "176.126.245.218" for me.

And I don't seem to be able to connect to Apache, Webmin, or SSH on that IP address.

Is that the correct IP for your server?

Also, was this all working at one point, did something just stop recently? Or was this always a problem?

And is your server directly on the Internet, or is it behind a NAT router?

Submitted by jmboyle58 on Tue, 05/03/2016 - 10:11

Hi. Yeah that's the correct IP.

The server is directly on the Internet and everything was working the last time I checked about a week ago.

Postfix and Dovecot are still accessible and working at normal speed. FTP and SSH work also. The SSH port is 83.

Does it help to restart Apache?

What you may want to try is these commands:

service httpd stop
killall -9 httpd
service httpd start

After that, are you able to access any of your sites?

If not, are you seeing any errors in /var/log/httpd/error_log?

Submitted by jmboyle58 on Tue, 05/03/2016 - 10:50

Restarting Apache didn't help. Below is a dump from the error log. What is the MaxRequestWorkers setting mentioned at the end?

[Mon May 02 02:45:39.620272 2016] [auth_digest:notice] [pid 340] AH01757: generating secret for digest authentication ...
[Mon May 02 02:45:39.632829 2016] [lbmethod_heartbeat:notice] [pid 340] AH02282: No slotmem from mod_heartmonitor
[Mon May 02 02:45:39.755964 2016] [mpm_prefork:notice] [pid 340] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Mon May 02 02:45:39.756001 2016] [core:notice] [pid 340] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon May 02 02:45:44.724607 2016] [mpm_prefork:notice] [pid 340] AH00171: Graceful restart requested, doing restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 176.126.245.218. Set the 'ServerName' directive globally to suppress this message
[Mon May 02 02:45:57.198901 2016] [auth_digest:notice] [pid 340] AH01757: generating secret for digest authentication ...
[Mon May 02 02:45:57.200071 2016] [lbmethod_heartbeat:notice] [pid 340] AH02282: No slotmem from mod_heartmonitor
[Mon May 02 02:45:57.295539 2016] [mpm_prefork:notice] [pid 340] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Mon May 02 02:45:57.295574 2016] [core:notice] [pid 340] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon May 02 02:46:00.425061 2016] [mpm_prefork:notice] [pid 340] AH00171: Graceful restart requested, doing restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 176.126.245.218. Set the 'ServerName' directive globally to suppress this message
[Mon May 02 02:46:11.166763 2016] [auth_digest:notice] [pid 340] AH01757: generating secret for digest authentication ...
[Mon May 02 02:46:11.167903 2016] [lbmethod_heartbeat:notice] [pid 340] AH02282: No slotmem from mod_heartmonitor
[Mon May 02 02:46:11.251669 2016] [mpm_prefork:notice] [pid 340] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Mon May 02 02:46:11.251857 2016] [core:notice] [pid 340] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon May 02 02:46:16.394400 2016] [mpm_prefork:notice] [pid 340] AH00171: Graceful restart requested, doing restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 176.126.245.218. Set the 'ServerName' directive globally to suppress this message
[Mon May 02 02:46:29.861588 2016] [auth_digest:notice] [pid 340] AH01757: generating secret for digest authentication ...
[Mon May 02 02:46:29.862725 2016] [lbmethod_heartbeat:notice] [pid 340] AH02282: No slotmem from mod_heartmonitor
[Mon May 02 02:46:29.940547 2016] [mpm_prefork:notice] [pid 340] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Mon May 02 02:46:29.940585 2016] [core:notice] [pid 340] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon May 02 19:43:06.345375 2016] [mpm_prefork:notice] [pid 340] AH00170: caught SIGWINCH, shutting down gracefully
[Mon May 02 19:44:35.902517 2016] [suexec:notice] [pid 665] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 02 19:44:36.116070 2016] [auth_digest:notice] [pid 665] AH01757: generating secret for digest authentication ...
[Mon May 02 19:44:36.117154 2016] [lbmethod_heartbeat:notice] [pid 665] AH02282: No slotmem from mod_heartmonitor
[Mon May 02 19:44:36.541444 2016] [mpm_prefork:notice] [pid 665] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Mon May 02 19:44:36.541510 2016] [core:notice] [pid 665] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon May 02 19:44:43.565754 2016] [mpm_prefork:error] [pid 665] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Mon May 02 19:55:25.283028 2016] [mpm_prefork:notice] [pid 665] AH00170: caught SIGWINCH, shutting down gracefully
[Mon May 02 19:55:35.800709 2016] [suexec:notice] [pid 1875] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 02 19:55:35.882819 2016] [auth_digest:notice] [pid 1875] AH01757: generating secret for digest authentication ...
[Mon May 02 19:55:35.883959 2016] [lbmethod_heartbeat:notice] [pid 1875] AH02282: No slotmem from mod_heartmonitor
[Mon May 02 19:55:35.957091 2016] [mpm_prefork:notice] [pid 1875] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Mon May 02 19:55:35.957157 2016] [core:notice] [pid 1875] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon May 02 19:55:42.977934 2016] [mpm_prefork:error] [pid 1875] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Tue May 03 11:24:19.185029 2016] [mpm_prefork:notice] [pid 1875] AH00170: caught SIGWINCH, shutting down gracefully
[Tue May 03 11:25:17.668388 2016] [suexec:notice] [pid 9473] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 176.126.245.218. Set the 'ServerName' directive globally to suppress this message
[Tue May 03 11:25:17.894207 2016] [auth_digest:notice] [pid 9473] AH01757: generating secret for digest authentication ...
[Tue May 03 11:25:17.895317 2016] [lbmethod_heartbeat:notice] [pid 9473] AH02282: No slotmem from mod_heartmonitor
[Tue May 03 11:25:18.013457 2016] [mpm_prefork:notice] [pid 9473] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 SVN/1.7.14 configured -- resuming normal operations
[Tue May 03 11:25:18.013533 2016] [core:notice] [pid 9473] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue May 03 11:25:23.051686 2016] [mpm_prefork:error] [pid 9473] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting

Hmm, I'm seeing this error in your logs:

server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting

If your server has reached its maximum allowed connections, that could cause the behavior you're seeing.

Is one of your websites perhaps getting hit particularly hard?

Also, what is the output of these two commands:

uptime
ps auxwf

Submitted by jmboyle58 on Tue, 05/03/2016 - 12:31

Last login: Tue May  3 13:15:20 2016 from cpc2-grth10-2-0-cust59.16-4.cable.virginm.net
[root@server ~]# uptime
13:28:00 up 17:43, 1 user, load average: 0.76, 0.84, 0.87
[root@server ~]# ps auxwf
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 192752 3328 ? Ss May02 0:15 init -z
root 2 0.0 0.0 0 0 ? S May02 0:00 [kthreadd/6752]
root 3 0.0 0.0 0 0 ? S May02 0:00 _ [khelper/6752]
root 83 0.0 0.4 165664 29576 ? Ss May02 0:15 /usr/lib/systemd/systemd-journald
root 87 0.0 0.0 41332 964 ? Ss May02 0:00 /usr/lib/systemd/systemd-udevd
root 124 0.0 0.0 26348 1492 ? Ss May02 0:02 /usr/lib/systemd/systemd-logind
dbus 125 0.0 0.0 26540 1480 ? Ss May02 0:04 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile -
root 127 0.0 0.0 76132 2040 ? Ss May02 0:01 /usr/sbin/saslauthd -m /run/saslauthd -a pam -n 2 -r
root 128 0.0 0.0 76132 2032 ? S May02 0:01 _ /usr/sbin/saslauthd -m /run/saslauthd -a pam -n 2 -r
root 152 0.0 0.1 506428 11896 ? Ssl May02 0:05 /usr/sbin/rsyslogd -n
root 160 0.0 0.0 82508 2628 ? Ss May02 0:00 /usr/sbin/sshd -D
root 9193 0.0 0.0 139180 5580 ? Ss 11:23 0:00 _ sshd: root@notty
root 25267 0.0 0.0 139340 5572 ? Ss 13:15 0:00 _ sshd: root@pts/0
root 26820 0.0 0.0 11692 1884 pts/0 Ss 13:27 0:00 _ -bash
root 26906 0.0 0.0 47500 1760 pts/0 R+ 13:28 0:00 _ ps auxwf
root 169 0.0 0.0 29252 652 ? Ss May02 0:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
root 182 0.0 0.0 15596 1356 ? Ss May02 0:02 /usr/sbin/dovecot -F
dovecot 243 0.0 0.0 9264 1020 ? S May02 0:00 _ dovecot/anvil
root 244 0.0 0.0 9392 1116 ? S May02 0:00 _ dovecot/log
john.jm+ 32246 0.0 0.0 14960 2656 ? S 10:10 0:00 _ dovecot/imap
jmb.jmb+ 2925 0.0 0.0 15524 3000 ? S 10:39 0:00 _ dovecot/imap
sheena.+ 22830 0.0 0.0 15064 2516 ? S 12:58 0:00 _ dovecot/imap
gina.gi+ 23099 0.0 0.0 15068 2308 ? S 13:00 0:00 _ dovecot/imap
gina.in+ 23101 0.0 0.0 15080 2444 ? S 13:00 0:00 _ dovecot/imap
gina.gi+ 23102 0.0 0.0 15072 2440 ? S 13:00 0:00 _ dovecot/imap
gina.in+ 23114 0.0 0.0 15072 2440 ? S 13:00 0:00 _ dovecot/imap
admin.e+ 25254 0.0 0.0 15072 2504 ? S 13:15 0:00 _ dovecot/imap
admin.g+ 25255 0.0 0.0 15064 2532 ? S 13:15 0:00 _ dovecot/imap
admin.i+ 25262 0.0 0.0 15072 2504 ? S 13:15 0:00 _ dovecot/imap
admin.g+ 25269 0.0 0.0 15072 2508 ? S 13:15 0:00 _ dovecot/imap
admin.i+ 25271 0.0 0.0 15068 2532 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25293 0.0 0.0 15068 2320 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25297 0.0 0.0 15072 2504 ? S 13:15 0:00 _ dovecot/imap
jmb.jmb+ 25299 0.0 0.0 15388 2992 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25303 0.0 0.0 15072 2504 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25306 0.0 0.0 15072 2508 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25308 0.0 0.0 15072 2508 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25310 0.0 0.0 15072 2504 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25312 0.0 0.0 15068 2528 ? S 13:15 0:00 _ dovecot/imap
john.jm+ 25314 0.0 0.0 15356 2956 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25317 0.0 0.0 15072 2488 ? S 13:15 0:00 _ dovecot/imap
admin.j+ 25322 0.0 0.0 15064 2528 ? S 13:15 0:00 _ dovecot/imap
sheena.+ 25698 0.0 0.0 14972 2184 ? S 13:18 0:00 _ dovecot/imap
gina.gi+ 25785 0.0 0.0 15068 2316 ? S 13:19 0:00 _ dovecot/imap
gina.gi+ 25786 0.0 0.0 15072 2440 ? S 13:19 0:00 _ dovecot/imap
gina.in+ 25787 0.0 0.0 15004 2696 ? S 13:19 0:00 _ dovecot/imap
gina.in+ 25790 0.0 0.0 15072 2440 ? S 13:19 0:00 _ dovecot/imap
root 26648 0.0 0.0 12280 2136 ? S 13:27 0:00 _ dovecot/config
root 203 0.0 0.0 6404 660 tty1 Ss+ May02 0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
root 211 0.0 0.0 22744 1064 ? Ss May02 0:00 /usr/sbin/crond -n
root 212 0.0 0.0 6404 660 tty2 Ss+ May02 0:00 /sbin/agetty --noclear tty2 linux
mysql 253 0.0 0.0 9464 1216 ? Ss May02 0:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 700 0.2 0.4 2026496 29516 ? Sl May02 2:54 _ /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --p
named 501 0.0 0.2 560220 18072 ? Ssl May02 0:05 /usr/sbin/named -u named
mailman 601 0.0 0.0 128128 912 ? Ss May02 0:00 /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s start
mailman 707 0.0 0.0 127928 4724 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunne
mailman 709 0.0 0.0 127908 4740 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRun
mailman 711 0.0 0.0 127932 4712 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRu
mailman 714 0.0 0.0 127928 4704 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingR
mailman 715 0.0 0.0 127936 4724 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunne
mailman 716 0.0 0.0 127932 4780 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingR
mailman 718 0.0 0.0 127928 4712 ? S May02 0:11 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRun
mailman 719 0.0 0.0 127928 4704 ? S May02 0:00 _ /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunn
root 864 0.0 0.4 175064 28380 ? Ss May02 0:15 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
root 7854 0.6 2.4 271988 150192 ? S 11:16 0:50 _ spamd child
root 16687 0.0 1.0 189184 67232 ? S 12:03 0:04 _ spamd child
root 866 0.0 0.0 91088 1276 ? Ss May02 0:01 /usr/libexec/postfix/master -w
postfix 20458 0.0 0.0 91592 4412 ? S 08:59 0:00 _ qmgr -l -t unix -u
postfix 18501 0.0 0.0 91192 3876 ? S 12:19 0:00 _ pickup -l -t unix -u
postfix 25606 0.0 0.0 91184 3892 ? S 13:18 0:00 _ anvil -l -t unix -u
postfix 26549 0.0 0.0 108240 5176 ? S 13:26 0:00 _ smtpd -n smtp -t inet -u -o stress= -s 2 -o smtpd_sasl_auth_ena
postfix 26553 0.0 0.0 91196 4332 ? S 13:26 0:00 _ trivial-rewrite -n rewrite -t unix -u
root 902 0.0 0.0 60476 2332 ? Ss May02 0:01 /usr/bin/perl /usr/libexec/usermin/miniserv.pl /etc/usermin/miniser
root 917 0.0 0.0 111948 3916 ? Ss May02 0:06 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.
nobody 1019 0.0 0.0 196552 592 ? Ss May02 0:01 proftpd: (accepting connections)
root 24442 0.0 0.9 94060 57204 ? Ss 09:15 0:01 /usr/libexec/webmin/virtual-server/lookup-domain-daemon.pl
root 9473 0.0 0.3 525820 21736 ? Ss 11:25 0:00 /usr/sbin/httpd -DFOREGROUND
apache 9474 0.0 0.0 291560 5404 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
jmb01com 9477 5.4 0.8 356816 50624 ? S 11:25 6:40 | _ /bin/php-cgi
jmb01com 9482 5.4 0.8 356560 50600 ? S 11:25 6:44 | _ /bin/php-cgi
jmb01com 9487 5.3 0.8 365744 51036 ? S 11:25 6:32 | _ /bin/php-cgi
jmb01com 9488 5.2 0.8 356816 50860 ? S 11:25 6:26 | _ /bin/php-cgi
jmb01com 9499 5.1 0.8 365204 50740 ? S 11:25 6:16 | _ /bin/php-cgi
jmb01com 9501 5.2 0.8 356816 50380 ? S 11:25 6:29 | _ /bin/php-cgi
jmb01com 9502 5.2 0.8 365732 50980 ? S 11:25 6:24 | _ /bin/php-cgi
jmb01com 9510 5.3 0.8 365204 50688 ? S 11:25 6:31 | _ /bin/php-cgi
jmb01com 9511 5.2 0.8 356304 50352 ? S 11:25 6:24 | _ /bin/php-cgi
ericbarr 10725 0.0 0.5 327996 32948 ? S 11:32 0:04 | _ /bin/php-cgi
ginasbuk 10800 0.0 0.2 313652 18428 ? S 11:32 0:04 | _ /bin/php-cgi
ginasbco 11675 0.1 0.5 331296 34600 ? S 11:37 0:07 | _ /bin/php-cgi
jmb01com 25356 6.0 0.7 355160 48640 ? S 13:15 0:44 | _ /bin/php-cgi
apache 9476 0.0 0.1 525932 11412 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9480 0.0 0.1 525932 11428 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9481 0.0 0.1 525932 11416 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9483 0.0 0.2 526056 12288 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9486 0.0 0.1 525932 11416 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9489 0.0 0.1 525932 11356 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9490 0.0 0.1 525932 11412 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9491 0.0 0.1 526064 12088 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9496 0.0 0.1 525932 11356 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
apache 9500 0.0 0.1 525932 11420 ? S 11:25 0:00 _ /usr/sbin/httpd -DFOREGROUND
[root@server ~]#

Okay, that all looks pretty normal.

It's been working a bit better for me over the last hour or so, but just to see if anything unusual shows up, what does this command show:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head

Submitted by jmboyle58 on Tue, 05/03/2016 - 13:48

It just says -bash: netstat: command not found

I see in the AWStats that there's been over 191,000 hits on jmb01.com today alone from a couple of Russian IP addresses. I'll block these in iptables and see if that helps.

Thanks for your help. I'll let you know if I have any more problems.

You may also want to take a peek at $HOME/logs/access_log for that domain to see if any IPs are currently hammering away on certain parts of your site.

Also, it looks like netstat may not be installed -- you can install that by running "yum install net-tools".

Submitted by jmboyle58 on Tue, 05/03/2016 - 14:25

Okay. I installed net-tools. Here is the output.

[root@server ~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
74 185.103.252.170
41 185.130.4.120
27 185.103.252.3
23 77.103.236.60
17 185.130.4.197
12 104.25.19.33
6 104.25.18.33
5 143.95.251.2
4 142.4.26.236
3 2.126.104.206
[root@server ~]#

Also, here's a portion of the access log file, as it's massive and the same all the way down:

185.103.252.170 - - [03/May/2016:15:01:42 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.120 - - [03/May/2016:15:01:43 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:33 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:33 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:44 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.120 - - [03/May/2016:15:01:38 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.197 - - [03/May/2016:15:01:47 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:38 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:39 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.120 - - [03/May/2016:15:01:40 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.197 - - [03/May/2016:15:01:50 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.197 - - [03/May/2016:15:01:51 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.120 - - [03/May/2016:15:01:43 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.3 - - [03/May/2016:15:01:53 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.120 - - [03/May/2016:15:01:44 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:45 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.130.4.197 - - [03/May/2016:15:01:45 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:55 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:45 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:45 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
185.103.252.170 - - [03/May/2016:15:01:56 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

Ah goodness, yeah that looks like a lot of bots hammering on your WordPress installation.

I'd probably start banning any IP address that's hitting "/xmlrpc.php" until things are back to normal on your server.
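
An added example, not part of the original thread: a shell script for the triage described above, ranking clients by POST requests to /xmlrpc.php in an Apache combined-format access log and printing candidate iptables rules for review. The function names, the threshold of 20 and the sample addresses (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumes Apache combined log format, where the whitespace-split
# fields are: $1 = client IP, $6 = "METHOD (with leading quote), $7 = request path.

# xmlrpc_offenders LOGFILE [THRESHOLD]
# Prints "count ip" for each client with at least THRESHOLD POSTs to
# /xmlrpc.php, busiest first. GETs and other paths are ignored.
xmlrpc_offenders() {
    log=$1
    threshold=${2:-20}          # assumed default; tune to your normal traffic
    awk -v min="$threshold" '
        $6 == "\"POST" {
            path = $7
            sub(/\?.*/, "", path)               # drop any query string
            if (path == "/xmlrpc.php") hits[$1]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$log" | sort -k1,1nr -k2,2
}

# block_rules: reads "count ip" lines on stdin and prints (does not run)
# one iptables DROP rule per IPv4 address, so the list can be reviewed first.
block_rules() {
    awk '$2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        printf "iptables -I INPUT -s %s -j DROP\n", $2
    }'
}

# repeat_line COUNT LINE: helper used only to build the constructed sample.
repeat_line() {
    n=$1
    while [ "$n" -gt 0 ]; do printf '%s\n' "$2"; n=$((n - 1)); done
}

# make_sample_log FILE: writes a constructed access log (not real traffic).
make_sample_log() {
    ts='[03/May/2016:15:01:42 -0400]'
    ua='"-" "Mozilla/4.0 (constructed sample)"'
    {
        repeat_line 30 "192.0.2.10 - - $ts \"POST /xmlrpc.php HTTP/1.0\" 200 370 $ua"
        repeat_line 25 "198.51.100.7 - - $ts \"POST /xmlrpc.php HTTP/1.0\" 200 370 $ua"
        repeat_line 3  "203.0.113.5 - - $ts \"POST /xmlrpc.php HTTP/1.1\" 200 370 $ua"
        repeat_line 40 "203.0.113.9 - - $ts \"GET / HTTP/1.1\" 200 5120 $ua"
        repeat_line 1  "203.0.113.9 - - $ts \"GET /xmlrpc.php HTTP/1.1\" 405 42 $ua"
    } > "$1"
}

sample=$(mktemp)
make_sample_log "$sample"
xmlrpc_offenders "$sample" 20                 # ranked offenders
xmlrpc_offenders "$sample" 20 | block_rules   # rules to review before applying
rm -f "$sample"
```

On a real server, point `xmlrpc_offenders` at the domain's `$HOME/logs/access_log` mentioned earlier in the thread.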

Submitted by jmboyle58 on Tue, 05/03/2016 - 14:46

Okay will do. Thank you again.