logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Multiple records for private IP address in access_log
Author
scamps



Joined: 03 May 2017
Posts: 1

PostPosted: Wed 03 May '17 17:54    Post subject: Multiple records for private IP address in access_log Reply with quote

Hi, I am very new to server side work. I have just taken over managing a WordPress multisite install on a Bitnami distribution, hosted on AWS. There is a legacy issue, that every few days the server load goes through the roof and then crashes/has to be restarted. So, I am trying to fix this (as well as understand as much about sysops type stuff as I can!).

The apache error_log file shows multiple errors thrown by the pagespeed module, but my understanding so far is that these are symptomatic of something else?

The access_log file shows multiple thousands of entries from a private IP address (10.0.0.243), sometimes with hundreds/second into various folders in the WordPress directory. As I understand it this private IP represents the server acting as a proxy to external useragents?

So, my best guess at the moment is that something is hitting my WordPress sites hard/looking for a vulnerability, this is generating all the records in the access_log - and accounts for why there are so many, so quickly, for random files - and all these requests are causing pagespeed to throw a bunch of errors.

On this basis, I am thinking that I need to enable the remoteip module to try and log the actual IP that requests are coming from, and then block it.

If anyone could give me some feedback/suggestions on this, I'd really appreciate it as I'm keen to understand and learn more, and would not be surprised if I am way off track/have some false assumptions here. Thanks.
Back to top


Reply to topic   Topic: Multiple records for private IP address in access_log View previous topic :: View next topic
Post new topic   Forum Index -> Apache