Search form


Stop xmlrpc.php Attacks

Summary: how to diagnose and eliminate the xmlrpc.php WordPress exploit when it's clobbering your web server.

You've been running a public Ubuntu 12+ and Apache/LAMP web server for a while now. Until recently everything has worked fine, but suddenly your server is struggling to display even static pages. Sometimes content takes forever to load, and occasionally pages fail to load at all, with Apache showing the 503/Service Unavailable error. You haven't made any recent changes to your applications, server software, or databases, so what's going on?

Ubuntu 16.04 Web Server with Apache, PHP, and MySQL

Ubuntu 16.04 LTS has been out for a little while now, and its standard repos offer some nice enhancements over Ubuntu 14: Apache 2.4.18, PHP 7, and MySQL 5.7.12 The process for creating a basic LAMP web server is also streamlined, as a couple of bugs that plagued Ubuntu 14.04 are now eliminated.

To create your LAMP setup:

Install Your Web Server Packages

Ubuntu 16.04 offers current software in its main repos:

Web Server Performance 2016

This is a shorthand summary of web server performance and caching systems as of March 2016.

General disclaimer: I try to link benchmark results that seem relatively neutral, but as with any survey or study or benchmark roundup, the most pertinent question is cui bono? Ultimately the only reliable benchmarks are those you run yourself in your own environment.

Swap Apache Prefork for Worker

By default most Apache web servers -- at least prior to Apache 2.4 -- run Apache's Prefork MPM (multi-processing module). Prefork works OK and offers the greatest compatibility with existing Apache modules, but it consumes a relatively large amount of memory because it spawns many processes that each handle one connection at a time. Prefork typically uses non-thread-safe extensions like mod_php to interpret code.

Subscribe to RSS - Apache