Example conversation we had with our Hosting company Server Security Consultant a few years ago when the server was the target of some low level hacking attempts, we pro-actively protect our websites and now have a full time security and performance consultant on our team.
It seems that there was a traffic spike yesterday.
Did you server provider told that to which website this MXLrPC attack was related to?
yes they said the xml rpc attack was on stepnpull.co.uk which is an add-on domain within deliciou account
Did you added that last line in config file?
no let me quickly look at the file
looks like we cant see it on the remote server see my dreamweaver session open
Yes. Its an attack from xlmrpc and we will need to disable it.
we have disabled this in individual websites and have done this on stepnpull.co.uk by adding a plugin and adding code into .htaccess file –
Ok. let me check please, just a minute
You are right. This should not be that issue then. Can you tell me that was this issue occurred after adding this code or before?
Before and we only added this as the server company told us of the attack _ assume we should add this code on all wordpress sites now?
Let me check further
OK. Now, please don’t do anything with this file, I will check it tomorrow. OK
Untill that, please don’t add xmlrpc code.
OK Thanks – is there any easy check to test the memory of this server as its a new server and I am doubtful that the memory is perfect also other domains that we have on other servers get auto-suspended when they are attacked but on this server the whole server stops – surely this isnt correct. how can we change this?
There are several ways to do so and the easiest method to do so is to write a bash script, which will auto teminate a process if its eating up memory without affecting others. Also, I will write that script for popular services like httpd, imap, dovecot, bind, mysql, proc, etc..
So, instead of getting down your server, that specific service will be restarted without affecting others.
That is handwritten script by me but that is costly and one time fee if you can afford ever, do contact me.
ok will sign-off until tomorrow – how much for the script and surely LVE Cloud Linux does something similar ?
Yes LVE does the same thing but eventually, it failes because its bound with OR condition where it failes when a file is locked.
Anyhow, I suggest you to continut LVE for the time being now and if it failes, contact me then.