25 Jul
2014
25 Jul
'14
12:10 a.m.
Ben Chad said:
For the most part, I configure Drupal sites and then
take on the hosting. I was asked to take on the hosting of a WordPress site. Not wanting
to run my sites and the WP site with the same user, I setup a second Apache instance for
the WordPress site, with Varnish forwarding to the appropriate Apache instance.
I may be misunderstanding something, but why not run WP with the same
Apache? (Apart from the way it would currently bring down everything else!)
* Nothing shows up in the Apache logs during the
downtime.
Do you think it's crashing because of the load before anything gets
written to the access logs?
I’ve since enabled server-status, and if the issue
comes up again, I should look at it before I restart Apache. Watching it now, some
distinguishing features are:
* wp-login.php is getting hit quite a bit on the WordPress vhost from different IPs.
See the wiki article on WordPress and use a fail2ban jail that looks for
any access to wp-login.php and bans the IP address for more than a
handful of accesses in a few minutes. If it's only legitimately accessed
from known whitelisted addresses, you can set it to ban on a single access.
It will probably be triggered at least as much as the ssh jail, much
more when the next distributed bruteforce attempt happens.
Any thoughts? What would you do differently?
Have a cron job that checks if the second Apache is running and, if not,
starts it again.
Stay up until 2am and have a look at what's happening :)
Ian