High server load due to script calls

  • Resolved merdesi

    (@merdesi)


    2 years, 5 months ago

    Hi there,

    one of our partner agencies told us that the server from their hosting provider had a high server load to that all of their websites were down / not available for 45 minutes in their hosting package. The provider sent us this specific scripts which caused the overload:

    
/wp-content/wflogs/ips.php
/wp-content/wflogs/config.php
/wp-content/wflogs/attack-data.php
/wp-content/wflogs/config-synced.php
/wp-content/wflogs/config-livewaf.php
/wp-content/wflogs/config-transient.php

    As I am not an expert I’d like to know you heard about this once before?
    Is there anything I can do or change in the settings so this won’t happen again? I didn’t get a notification email as well, that’s strange.

    I would be happy to get some information.

    Thank you and kind regards
    Michael

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @merdesi, thanks for getting in touch.

    The wflogs location is updated frequently by Wordfence, and it’s normal to see these files open on your web server, but ultimately poses no commonly seen problem across the large customer-base that the plugin has. Therefore there might be a few things you can check.

    Communication issues/errors to and from your server might point to unusually long loading times. Check that max_execution_time in your php.ini is set to 30, permissions on your WordPress site directories are 755 with a process owner of www-data.

    If all that seems good, navigate to your wp-content/wflogs folder and delete the contents entirely. Wordfence should try to repopulate it within 30 minutes so could solve any issues if the files are corrupted or unusually large.

    If you continue to have persistent problems with this file/folder but don’t see connectivity or permissions failures/error messages in your Wordfence > Tools > Diagnostics page, you can bypass this entirely by setting Wordfence to write to the MySQLi storage engine instead of a file: https://www.wordfence.com/help/firewall/mysqli-storage-engine/

    I hope that helps you out!

    Peter.

    Thread Starter merdesi

    (@merdesi)

    Hi Peter,

    I didn’t see your answer yet. Thank you for quick answer!

    max_execution_time is set to 300 and permissions are 755.

    It seems like we also had some kind of brute force attack so that the server where the customer’s website is hosted was down. I guess this attack was somewhen between June 17th and 27th, because since then the website isn’t sending system emails anymore.

    So I’d rather say that there is a security issue on our site and server and the underlying mail server.

    Nevertheless I’ll keep your tips in mind. Thank you again! ??
    Best regards

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘High server load due to script calls’ is closed to new replies.