We are passionate about server security and protecting our websites, we have the best security and support available and respond to server / security concerns almost instantly, The conversation below is now 6 years old and has no relevance to today’s security setup but indicates how serious we take security, the conversation happened in the middle of the night when investigating a possible server / website attack
The LVE manager is showing high usage. It seems that there was a spike at a time. Did you server provider tell you that to which website this MXLrPC attack was related to?
Yes they said the XML RPC attack was on a certain website which is an add-on domain within the main account
Did you add that last line in the config file?
No let me quickly look at the file
Looks like we cant see it on the remote server see my Dreamweaver session open
Yes. Its an attack from XML-RPC and we will need to disable it.
We have disabled this in individual websites and have done this by adding a plugin and adding code into .htaccess file
You are right. This should not be that issue then. Can you tell me that was this issue occurred after adding this code or before?
Before and we only added this as the server company told us of the attack we assume we should add this code on all WordPress sites now?
Let me check further
OK. Now, please don’t do anything with this file, I will check it tomorrow.
Until that, please don’t add the XML-RPC code on other websites.
Thanks – is there any easy check to test the memory of this server as its a new server and I am doubtful that the memory is perfect also other domains that we have on other servers get auto-suspended when they are attacked but on this server, the whole server stops – surely this isn’t correct. how can we change this?
There are several ways to do so and the easiest method to do so is to write a bash script, which will auto terminate a process if it’s eating up memory without affecting others. Also, I will write that script for popular services like httpd, IMAP, dovecot, bind, mysql, proc, etc..
So, instead of your web server going down, that specific service will be restarted without affecting others. That is a handwritten script by us.
Surely LVE Cloud Linux does something similar ?
Yes LVE does the same thing but eventually, it fails because it’s bound with OR condition where it fails when a file is locked.
Anyhow, I suggest you to continue LVE for the time being now and if it fails, contact me then.
