So I've got a BIG problem. For the last three days I've been getting "out of memory" errors. Never got a single one in the twenty years I've been doing IT before that. It looks like someone is trying to hack one of my domains looking for a Wordpress install that doesn't exist. I can't block the IP address because they're just spoofing random addresses.
This is from the Apache2 error.log:
[Thu Aug 15 06:25:02.733995 2019] [core:notice] [pid 1381] AH00094: Command line: '/usr/sbin/apache2'
[Thu Aug 15 06:59:21.134619 2019] [:error] [pid 7779] [client 94.253.14.187:42493] script '/var/www/bibi/xmlrpc.php' not found or unable to stat
[Thu Aug 15 07:00:00.195610 2019] [:error] [pid 7708] [client 103.87.207.188:43110] script '/var/www/bibi/xmlrpc.php' not found or unable to stat
[Thu Aug 15 07:06:19.853931 2019] [:error] [pid 7708] [client 112.78.143.26:48640] script '/var/www/bibi/xmlrpc.php' not found or unable to stat
[Thu Aug 15 10:45:59.613429 2019] [:error] [pid 8722] [client 45.86.245.113:45968] PHP Fatal error: Out of memory (allocated 48234496) (tried to allocate 20480 bytes) in /var/www/dhi/wp-content/plugins/revslider/includes/googlefonts.php on line 41
Here's what the access log shows:
[Wed Aug 14 08:51:09.646304 2019] [:error] [pid 21575] [client 35.156.206.70:60848] PHP Fatal error: Out of memory (allocated 14680064) (tried to allocate 20480 bytes) in /var/www/beauty/wp-includes/functions.php on line 1132, referer: http://www.example.com/wp-cron.php?doing_wp_cron=1565772650.7416360378265380859375
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
[Wed Aug 14 08:59:33.685188 2019] [mpm_prefork:error] [pid 21569] (12)Cannot allocate memory: AH00159: fork: Unable to fork new process
[Wed Aug 14 08:59:45.065256 2019] [core:notice] [pid 21569] AH00051: child pid 22590 exit signal Aborted (6), possible coredump in /etc/apache2
[Wed Aug 14 08:59:45.080537 2019] [core:notice] [pid 21569] AH00051: child pid 22593 exit signal Aborted (6), possible coredump in /etc/apache2
[Wed Aug 14 08:59:45.080553 2019] [core:notice] [pid 21569] AH00051: child pid 22594 exit signal Aborted (6), possible coredump in /etc/apache2
[Wed Aug 14 08:59:45.080564 2019] [core:notice] [pid 21569] AH00051: child pid 22615 exit signal Aborted (6), possible coredump in /etc/apache2
[Wed Aug 14 08:59:45.080570 2019] [core:notice] [pid 21569] AH00051: child pid 22618 exit signal Aborted (6), possible coredump in /etc/apache2
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
[crit] Memory allocation failed, aborting process.
I tried deactivating the theme I've been using to see if that was the issue... I tried any number of things. I blocked the IP address that whoever is looking for xmlrpc.php in a directory that doesn't even have Wordpress installed was using... but now they're just spamming IP addresses.
Is there a way that I can block ANY IP address to that directory that is looking for that file? Is there a way that I can quit whatever is going on before it even gets to an out of memory error? What are my options?