Apache Webserver becoming unresponsive
After running perfectly for nearly a year a Apache Webserver became instable. Every few hours the server wasn’t responding anymore. The MaxClients were maxed out, machine performance was normal, but no response on http.
As nothing had changed (and after some pondering on software issues), I investigated the apache connections in detail.
lsof -i :80 | grep CLOSE_WAIT
showed lots of connections in CLOSE_WAIT state coming from one IP Address.
Grepping the IP Address in apache log dir showed requests to wordpress’ xmlrpc.php. Some minor googling showed an brute force attack on wordpress installations. A fact which may have gone unnoticed, had the attackers closed their connections properly.
So I disabled xmlrpc for wordpress, and so should you!
The internet is a dangerous place …