Hi,

Thanks for the response.

On 04/11/2019 18:12, ed-bitfolk@s5h.net wrote:
> On 2019-11-04 17:51+0000, Ian Hobson wrote:
>> I have had a user complain they got no response from a website
>> on my VPN.
>
> Is the website on your VPS, or is this a website on another network
> outside of 85.119.80.0/21?
The website is hosted on the VPS, however it was being accessed via an
SSH link. The website appears to be on localhost:8080 to those with the
SSH link open.
>
>> It appears that from about 9:07 until after 9:44 my front-end (nginx)
>> could not talk to the back-end (php). It cleared before I became aware
>> of the problem.
>
> Is this today? Looking at my VPS graph there were no slumps in the main
> service that it runs. Did something crawl your web server and it spawned
> a mass of PHP processes or similar?

>
>> I can find nothing in the logs, other than the failed reads, so I am
>> at a loss to diagnose things.
>
> Is there anything in /var/log/* around this time?
>
There were a large number of POSTS to /xmlrpc.php which is part of
wordpress. I thought nothing of it, until I googled it.

Seemingly xmlrpc.php is used to post remotely to your site. Curently it
is more used for DDOS attacks. The IP was from china.

So xmlrpc will be disabled on all my wordpress sites.


>> nginx talks to php7.2-fpm using fastcgi-pass to 127.0.0.1:9000.
>
> I'm not familiar with fastcgi-pass - I'll look into it over the coming
> weeks though as I'm generally a fan of FCGI :)
>
It works great.

Regards

Ian

--
Ian Hobson
Tel (+351) 910 418 473

--
This email has been checked for viruses by AVG.
https://www.avg.com


_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users