IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • Many POST requests to /xmlrpc.php from GoogleBot taking down server?

    • IT Nursery
    • April 18, 2022
    • 0

    I have several hosted wordpress blogs, and I’ve been trying to visit them and they are really slow. I looked at my server logs and I found this

    stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:28 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:28 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:28 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:28 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:29 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:29 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:29 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:29 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:31 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:31 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"
stanfordflipside.com:80 188.138.33.149 - - [17/Aug/2013:17:14:31 -0700] "POST /xmlrpc.php HTTP/1.1" 200 595 "-" "GoogleBot/1.0"

    I am getting ~10 hits per second to the file /xmlrpc.php from the GoogleBot to several sites, and this seems to be slowing down the server. I am running 

    tail -f

    on the log file, and can just see these requests continuing. Does anyone know why this might be happening or what you could do to stop it?

    4 s
    4

    I would block the IP with iptables if it were me, and if you have that kind of server level access.

    You could also disable xmlrpc. Unfortunately, since 3.5 the admin screen option to disable that feature has been removed. A single line of code should disable it though: add_filter( 'xmlrpc_enabled', '__return_false' ); That might save some overhead from the requests, though it won’t eliminate all of it.

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *