Get the most out of your Centmin Mod LEMP stack
Become a Member

PHP-FPM Recent update causes PHP-FPM spikes and WP crashes

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Daniel J. Lewis, Jul 3, 2015.

  1. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    72
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    7:14 AM
    1.8.0
    5.6
    HELP! I have no idea what to do anymore. I know tweaking is up to me, and I'm interested in hiring someone to fix this.

    On June 25 or 26, I ran "yum update" and rebuilt Nginx, both for the latest security updates. Since then, my server has been extremely unstable. PHP-FPM is spiking on CPU usage and making my WordPress websites crash.

    Here's my setup:
    I've tried re-adjusting the php-fpm.conf settings as follows (brackets indicate values I've tried).

    Code:
    emergency_restart_threshold = [3, 5, 10]
    emergency_restart_interval = [30s, 1m]
    process_control_timeout = [5s, 10s]
    listen.backlog = [128 to 8150]
    pm = ondemand
    pm.max_children = [2 to 50]
    pm.start_servers = 1
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    pm.max_requests = [100, 200, 500, 1000, 10000, 50000]
    pm.process_idle_timeout = [5s, 10s]
    Last night, when I reduced pm.max_requests down to 100, I thought everything was golden again. But I woke up to see PHP-FPM had locked up and crashed my sites 8 sites.

    When PHP-FPM is locked up, sometimes I can get a phpstatus result that will look something like this (brackets indicate numbers I've seen):

    Code:
    pool:                 www
    process manager:      ondemand
    start time:           02/Jul/2015:17:58:19 -0400
    start since:          2175
    accepted conn:        2795
    listen queue:         1153
    max listen queue:     1393
    listen queue len:     [sometimes 0, sometimes my backlog number of 128 or 8150]
    idle processes:       0
    active processes:     10
    total processes:      10
    max active processes: 10
    max children reached: 1
    slow requests:        1
    I think I know, in theory, what's happening. PHP-FPM is given some process that hangs and causes more tasks to pile up, eventually filling up the queue. PHP-FPM tries to process all of these but can't because the CPU is maxed out. Is that right?

    The strangest thing about all of this is that shouldn't my use of WP Super Cache mean that Nginx shouldn't be sending this many processes to PHP-FPM? I can verify that WPSC is working, but this behavior is as if hundreds of requests are bypassing the cache.

    When I've enabled the FPM slow log, nothing in particular stands out as causing the problem.

    For reference, here are my site confs.

    Single site:
    Code:
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    #server {
    #            listen   80;
    #            server_name danieljlewis.net;
    #            return 301 $scheme://www.danieljlewis.net$request_uri;
    #       }
    
    server {
      server_name danieljlewis.net www.danieljlewis.net;
      if ($host ~* www\.(.*)) {
          set $host_without_www $1;
          #   rewrite ^(.*)$ $scheme://$host_without_www$1 permanent; #1
          rewrite ^ $scheme://$host_without_www$1$request_uri permanent; #2
      }
    
    # ngx_pagespeed & ngx_pagespeed handler
    # removed 2015-03-16 include /usr/local/nginx/conf/pagespeed.conf;
    # removed 2015-03-16 include /usr/local/nginx/conf/pagespeedhandler.conf;
    # removed 2015-03-16 include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/danieljlewis.net/log/access.log combined buffer=32k;
      # removed 2015-03-16 access_log /var/log/nginx/access.cache.log cache;
      error_log /home/nginx/domains/danieljlewis.net/log/error.log;
    
      root /home/nginx/domains/danieljlewis.net/public;
    
      #Yoast sitemap
        location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
        rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
        rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
        rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    
        ## following lines are options. Needed for wordpress-seo addons
        rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
        access_log off;
      }
    
      location / {
    
        if (-f $request_filename/index.html){
          rewrite (.*) $1/index.html break;
        }
    
        if (-f $request_filename/index.php){
          rewrite (.*) $1/index.php;
        }
    
        if (!-f $request_filename){
          rewrite (.*) /index.php;
        }
    
        # block common exploits, sql injections etc
        include /usr/local/nginx/conf/block.conf;
      }
    
      include /usr/local/nginx/conf/wpsupercache.conf;
      include /usr/local/nginx/conf/wpsecure.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      #include /usr/local/nginx/conf/phpstatus.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
    }
    
    Multisite:
    Code:
    map $uri $blogname{
      ~^(?<blogpath>/[^/]+/)files/(.*)    $blogpath ;
    }
    map $blogname $blogid {
      default -999;
      include /home/nginx/domains/noodle.mx/public/wp-content/uploads/nginx-helper/map.conf ;
    }
    
    server {
      listen 80;
      server_name noodle.mx *.com www.noodle.mx;
      root /home/nginx/domains/noodle.mx/public;
      #Uncomment to debug rewrite rules
      #error_log    logs/rewrite.log notice;
    
    
      if ($host ~* www\.(.*)) {
          set $host_without_www $1;
        #   rewrite ^(.*)$ $scheme://$host_without_www$1 permanent; #1
          rewrite ^ $scheme://$host_without_www$1$request_uri permanent; #2
      }
    
      # SSL
      listen 443 ssl;
      ssl on;
      ssl_certificate /usr/local/nginx/conf/ssl/djosephdesign.com.crt-combined;
      ssl_certificate_key /usr/local/nginx/conf/ssl/djosephdesign.com.key;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_ecdh_curve  secp384r1;
      ssl_session_cache      shared:SSL:10m;
      ssl_session_timeout  10m;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      # add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=0; includeSubdomains";
      # added by Tiago - UCC cert ####
      set $ssl 0;
      if ($scheme = https) {
        set $ssl 1;
      }
      if ($host ~ "(noodle.mx|oncepodcast.com|theaudacitytopodcast.com)") {
        set $ssl 0;
      }
      if ($ssl = 1) {
        rewrite "^/(.*)" http://$host/$1 permanent;
      }
      # /SSL
    
      # ngx_pagespeed & ngx_pagespeed handler
      # removed 2015-03-16 include /usr/local/nginx/conf/pagespeed.conf;
      # removed 2015-03-16 include /usr/local/nginx/conf/pagespeedhandler.conf;
      # removed 2015-03-16 include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/noodle.mx/log/access.log combined buffer=32k;
      # removed 2015-03-16 access_log /var/log/nginx/access.cache.log cache;
      error_log /home/nginx/domains/noodle.mx/log/error.log;
    
      #Yoast sitemap
      location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
        rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
        rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
        rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    
        ## following lines are options. Needed for wordpress-seo addons
        rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
        access_log off;
      }
    
      location ~ ^(/[^/]+/)?files/(?<rt_file>.+) {
        try_files /wp-content/blogs.dir/$blogid/files/$rt_file /wp-includes/ms-files.php?file=$rt_file ;
        access_log off;
        log_not_found off;
        expires max;
      }
    
      location / {
    
        if (-f $request_filename/index.html){
          rewrite (.*) $1/index.html break;
        }
    
        if (-f $request_filename/index.php){
          rewrite (.*) $1/index.php;
        }
    
        if (!-f $request_filename){
          rewrite (.*) /index.php;
        }
    
        # block common exploits, sql injections etc
        include /usr/local/nginx/conf/block.conf;
      }
    
      # Pass uploaded files to wp-includes/ms-files.php.
      rewrite /files/$ /index.php last;
    
      if ($uri !~ wp-content/plugins) {
        rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
      }
    
      # Rewrite multisite '.../wp-.' and '.../.php'.
      if (!-e $request_filename) {
        rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
        rewrite ^/[_0-9a-zA-Z-]+.(/wp-admin/.\.php)$ $1 last;
        rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
      }
    
      include /usr/local/nginx/conf/noodlemx_redirects.conf;
     include /usr/local/nginx/conf/wpsupercache.conf;
      # include /usr/local/nginx/conf/wpffpc.conf;
      include /usr/local/nginx/conf/wpsecure.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
    }
    
    Please help! This has be driving me crazy for a week and I've wasted too much time trying to fix this. I'm willing to hire someone at a reasonable price to fix this for me.
     
  2. eva2000

    eva2000 Administrator Staff Member

    28,971
    6,575
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,759
    Local Time:
    9:14 PM
    Nginx 1.13.x
    MariaDB 5.5
    that phpstatus output suggests you do not have enough cpu threads to handle the php-fpm processes - but why that is happening you need to investigate.. you can get more detailed stats using /phpstatus?full&html on your phpstatus url for per process/uri request

    Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    You'll need to tune your PHP-FPM settings and this is left up to end user to do but here's a thread for starters to enable php status page output outlined at PHP PHP-FPM - Centmin Mod - Menu based Nginx installer for CentOS servers and PHP-FPM - pm.max_children | Centmin Mod Community which outlines the official PHP-FPM config documentation as well.

    Checking PHP-FPM etc logs



    You'll also need to check into your PHP-FPM, Nginx and MariaDB logs which you can find as outlined at How to troubleshoot Centmin Mod initial install issues

    Server logs include Nginx, PHP-FPM, MariaDB MySQL error logs as well as others. You can find your Centmin Mod install/menu logs at FAQ 7 and server logs at FAQ 19 at Centmin Mod FAQ (most up to date info in FAQ so always read that first). Spoiler tag below has info too but may not be up to date.

    Some of Centmin Mod's installed software will have their own access and error logs which maybe useful for diagnosing errors or give info, notes, or warning notices.

    Note: There's no support provided by me for diagnosing such errors which may occur for various reasons including misconfiguration of installed php/mysql scripts or applications.

    In SSH2 telnet you can use tail command to view the last X number of lines in the file.

    For example for viewing last 10 lines in the file for:

    For Nginx access and error logs:
    Code (Text):

    tail -10 /usr/local/nginx/logs/access.log
    tail -10 /usr/local/nginx/logs/error.log

    For specific domainname.com access and error log:
    Code (Text):

    tail -10 /home/nginx/domains/domainname.com/log/access.log
    tail -10 /home/nginx/domains/domainname.com/log/error.log

    For other system error logs located at /var/log:

    list /var/log files in ascending time order so the most recently modified files are at the bottom
    Code (Text):

    ls -lhrt /var/log

    Code (Text):

    total 2.7M
    -rw------- 1 root root 0 Aug 29 15:33 tallylog
    -rw------- 1 root root 0 Aug 29 15:33 spooler
    drwx------ 3 root root 4.0K Aug 29 15:35 samba
    drwxr-xr-x 2 root root 4.0K Aug 29 15:35 mail
    -rw-r--r-- 1 root 500 0 Oct 8 18:13 dmesg.old
    -rw------- 1 root 500 0 Oct 8 18:13 boot.log
    -rw-r--r-- 1 root 500 0 Oct 8 18:14 dmesg
    drwx------ 2 root root 4.0K Oct 8 18:14 httpd
    drwxr-xr-x 2 root root 4.0K Oct 8 19:08 php-fpm
    -rw-rw---- 1 mysql root 2.3K Oct 9 12:38 mysqld.log
    -rw------- 1 root root 9.2K Oct 26 10:48 yum.log
    -rw------- 1 root utmp 94K Nov 7 22:59 btmp
    drwxr-xr-x 2 root root 4.0K Nov 8 00:00 sa
    -rw------- 1 root root 269K Nov 8 21:39 messages
    -rw------- 1 root root 110K Nov 8 23:08 secure
    -rw-rw-r-- 1 root utmp 43K Nov 8 23:08 wtmp
    -rw-r--r-- 1 root root 144K Nov 8 23:08 lastlog
    -rw------- 1 root root 69K Nov 8 23:08 lfd.log
    -rw------- 1 root root 332K Nov 8 23:08 maillog
    -rw------- 1 root 500 1.6M Nov 8 23:10 cron

    For PHP-FPM error log:
    Code (Text):

    tail -10 /var/log/php-fpm/www-error.log

    and/or
    Code (Text):

    /var/log/php-fpm/www-php.error.log

    For MySQL / MariaDB error log:
    Code (Text):

    tail -10 /var/log/mysqld.log

    For CSF firewall LFD log:
    Code (Text):

    tail -10 /var/log/lfd.log

    For Mail log:
    Code (Text):

    tail -10 /var/log/maillog

    For Cron job logs:
    Code (Text):

    tail -10 /var/log/cron

    How to edit php.ini and php-fpm configuration files ?



    Centmin Mod install created command short cuts outlined here to allow you to quickly edit your /usr/local/lib/php.ini file and your /usr/local/etc/php-fpm.conf file. Full list of command shortcuts below:
    • Edit php.ini = phpedit ( /usr/local/lib/php.ini )
    • Edit my.cnf = mycnf ( /etc/my.cnf )
    • Edit php-fpm.conf = fpmconf ( /usr/local/etc/php-fpm.conf )
    • Edit nginx.conf = nginxconf ( /usr/local/nginx/conf/nginx.conf )
    • Edit (nginx) virtual.conf = vhostconf - only edits /usr/local/nginx/conf/conf.d/virtual.conf not the additional vhost domain.com.conf files added later
    • Edit (nginx) php.conf = phpinc ( /usr/local/nginx/conf/php.conf )
    • Edit (nginx) drop.conf = dropinc ( /usr/local/nginx/conf/drop.conf )
    • Edit (nginx) staticfiles.conf = statfilesinc ( /usr/local/nginx/conf/staticfiles.conf )
    • nginx stop/start/restart = ngxstop/ngxstart/ngxrestart
    • php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart
    • mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart
    • nginx + php-fpm stop/start/restart = npstop/npstart/nprestart
    • memcached stop/start/restart =memcachedstop/memcachedstart/memcachedrestart
    • csf stop/start/restart = csfstop/csfstart/csfrestart

    Troubleshooting Tools



    However, there's many linux tools and scripts that can help you figure out what was causing the load issues and when.

    Tools and commands you will want to read up on and learn for basic system admin tasks and troubleshooting.
    Notes:
    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)
     
  3. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    72
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    7:14 AM
    1.8.0
    5.6
    Code:
    pool:                 www
    process manager:      ondemand
    start time:           03/Jul/2015:07:59:45 -0400
    start since:          5509
    accepted conn:        6733
    listen queue:         902
    max listen queue:     902
    listen queue len:     8150
    idle processes:       0
    active processes:     10
    total processes:      10
    max active processes: 10
    max children reached: 7
    slow requests:        0
    
    ************************
    pid:                  6163
    state:                Running
    start time:           03/Jul/2015:09:29:08 -0400
    start since:          146
    requests:             59
    request duration:     927917
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6164
    state:                Running
    start time:           03/Jul/2015:09:29:08 -0400
    start since:          146
    requests:             57
    request duration:     1452416
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6136
    state:                Running
    start time:           03/Jul/2015:09:28:59 -0400
    start since:          155
    requests:             65
    request duration:     1477431
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6107
    state:                Running
    start time:           03/Jul/2015:09:27:38 -0400
    start since:          236
    requests:             89
    request duration:     12346
    request method:       GET
    request URI:          /phpstatus?full
    content length:       0
    user:                 -
    script:               -
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6165
    state:                Running
    start time:           03/Jul/2015:09:29:11 -0400
    start since:          143
    requests:             55
    request duration:     1554383
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6169
    state:                Running
    start time:           03/Jul/2015:09:29:15 -0400
    start since:          139
    requests:             48
    request duration:     1144879
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6170
    state:                Running
    start time:           03/Jul/2015:09:29:16 -0400
    start since:          138
    requests:             48
    request duration:     631853
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6171
    state:                Running
    start time:           03/Jul/2015:09:29:16 -0400
    start since:          138
    requests:             52
    request duration:     1268572
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6172
    state:                Running
    start time:           03/Jul/2015:09:29:16 -0400
    start since:          138
    requests:             51
    request duration:     1386855
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    
    ************************
    pid:                  6173
    state:                Running
    start time:           03/Jul/2015:09:29:16 -0400
    start since:          138
    requests:             48
    request duration:     830838
    request method:       POST
    request URI:          /xmlrpc.php
    content length:       309
    user:                 -
    script:               /home/nginx/domains/noodle.mx/public/xmlrpc.php
    last request cpu:     0.00
    last request memory:  0
    It's strange to see XML RPC in here, because I installed Disable XML-RPC.
     
  4. eva2000

    eva2000 Administrator Staff Member

    28,971
    6,575
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,759
    Local Time:
    9:14 PM
    Nginx 1.13.x
    MariaDB 5.5
    sounds like automated bot attacks/scrappers .. you can use nginx limit req/con zones to rate limit requests to xmlrpc.php and/or wp-login.php Module ngx_http_limit_req_module and Module ngx_http_limit_conn_module

    for example in my wordpress /usr/local/nginx/conf/wpsecure_mydomain.com.conf for Wordpress Super Cache i added

    Code:
    location ~* /(wp-login.php) {
            include /usr/local/nginx/conf/php.conf;
            limit_req zone=loginreq burst=1 nodelay;
            limit_conn logincon 10;
    }
    then in my nginx within http { context setup 2 zones one for rate limit requests and one for rate limit connections per ip

    30 requests per 60 seconds or 1 request every 2 seconds + max 10 connections per ip address to wp-login.php
    Code:
    limit_req_zone $binary_remote_addr zone=loginreq:16m rate=30r/m;
    limit_conn_zone $binary_remote_addr zone=logincon:16m;
    before rate limited xmlrpc.php siege benchmark
    Code:
    siege -q -b -c10 -r10 domain.com/xmlrpc.php
          done.
    
    Transactions:                    100 hits
    Availability:                 100.00 %
    Elapsed time:                   1.75 secs
    Data transferred:               0.00 MB
    Response time:                  0.17 secs
    Transaction rate:              57.14 trans/sec
    Throughput:                     0.00 MB/sec
    Concurrency:                    9.61
    Successful transactions:           0
    Failed transactions:               0
    Longest transaction:            0.31
    Shortest transaction:           0.00
    after rate limited siege benchmark against xmlrpc.php req/s drop from 57.15 trans/sec to 1.47 trans/sec
    Code:
    siege -q -b -c10 -r10 domain.com/xmlrpc.php
          done.
    
    Transactions:                      1 hits
    Availability:                   1.00 %
    Elapsed time:                   0.68 secs
    Data transferred:               0.02 MB
    Response time:                  1.29 secs
    Transaction rate:               1.47 trans/sec
    Throughput:                     0.03 MB/sec
    Concurrency:                    1.90
    Successful transactions:           0
    Failed transactions:              99
    Longest transaction:            0.67
    Shortest transaction:           0.00
    for xmlrpc.php + wp-login.php
    Code:
    location ~* /(wp-login|xmlrpc\.php) {
            include /usr/local/nginx/conf/php.conf;
            limit_req zone=loginreq burst=1 nodelay;
            limit_conn logincon 10;
    }
    
    if you used centmin mod .08 beta 03 centmin.sh menu option 22 to create your wordpress + wp super cache site, it would of automatically setup rate limiting for wp-login.php and xmlrpc.php Beta Branch - Preview: Wordpress + WP Super Cache installer - centmin.sh option 22 | Centmin Mod Community

    code in the centmin.sh menu option 22 created wordpress site is separate location contents for each for rate limit by requests only, not for rate limit by connections

    Code:
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/$vhostname/htpasswd_wplogin;
        include /usr/local/nginx/conf/php.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwplogin burst=2 nodelay;
        include /usr/local/nginx/conf/php.conf;
    }
     
    Last edited: Jul 4, 2015
    • Informative Informative x 1
  5. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    72
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    7:14 AM
    1.8.0
    5.6
    Thank you! I implemented for xmlrpc.php and wp-login.php and could verify that's working from siege.

    I'll report back with my results either for further help or to let others know.
     
  6. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    72
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    7:14 AM
    1.8.0
    5.6
    THANK YOU! Since implementing those lines of code, my server has not crashed in 24 hours!

    Either my update last week reset some security setting to prevent these attacks, or it was pure coincidence that the attacks around the same time as I updated. In either case, I'm considering this fixed!

    As an expression of my appreciation for your help, I just upgraded to premium forum membership. :)
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    28,971
    6,575
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,759
    Local Time:
    9:14 PM
    Nginx 1.13.x
    MariaDB 5.5
    Thanks for becoming a Premium Centmin Mod user.. some benefits outlined at Premium User Membership Explained | Centmin Mod Community including the private Premium Member only forums :)

    The above rate limiting can be applied to any part of any site or web app, i.e. search, login, register pages etc too :)
     
  8. RoldanLT

    RoldanLT Well-Known Member

    3,829
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    7:14 PM
    1.11
    10.2
    If you're using Cloudflare, enable Web Application Firewall & Package: OWASP ModSecurity Core Rule Set.
    Most attacks will not reach your website.
     
    • Informative Informative x 1
  9. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    72
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    7:14 AM
    1.8.0
    5.6
    Yeah, I thought I had Cloudflare setup for all of my sites, but my assistant didn't finished that project.
     
  10. RoldanLT

    RoldanLT Well-Known Member

    3,829
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    7:14 PM
    1.11
    10.2
    It's very effective for me :)
    But only available on Pro plan.
     
  11. Daniel J. Lewis

    Daniel J. Lewis Award-winning podcaster and consultant

    72
    8
    8
    Oct 20, 2014
    Ratings:
    +11
    Local Time:
    7:14 AM
    1.8.0
    5.6
    Oh. Then it's not affordable for me with my 15+ sites.
     
  12. RoldanLT

    RoldanLT Well-Known Member

    3,829
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    7:14 PM
    1.11
    10.2
    • Informative Informative x 1