Wordpress site getting attacked?
Posted on 2013-09-11
Beginning last Friday morning (5 days ago) the traffic on my wordpress site went from 500-6--k per day to 6GB per day. It actually brought the server down. Brought it down many times before we figured out what was happening.
So, to stop it from crashing the server, I used .htaccess to deny all, allow <my ip address>
now, I am able to work with it and view logs and such.
I notice there are hundreds of thousands of:
"POST / HTTP/1.1" 200 25424 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
errors in the log. I know they are there because I am denying them, but why are they POST entries? When *I* visit the site and browse around, they are all GET entries.
I disabled all the plugins, and it did not stop anything.
I run CSF LFD and I also see a lot of:
Command Line: /usr/libexec/openssh/sftp-server
PID: 16847 (Parent PID:16845)
in the logs, I would be the only person uploading to this cpanel account, and as it happens, I'm not...... but it sure looks like someone is.
I'd sure like to get this site back online, as you can imagine. Any ideas? I'll provide additional info needed.