MySQL running over 200% CPU according to atop – pt-query-digest suggests slow-running query is a lookup in wp_options for ‘autoload’ = yes

So the issue was actually a DDoS attack on our site. I used urlsnarf to see what requests were being placed and there were basically hundreds of POST requests from about 20-30 or so IP addresses. Seems quite small scale for what I understood is a typical DDoS attack. It also explains why it took a few days before the site ground to a halt. We have quite a few cores running on this host and it was maxing out 7 of them. I think in a larger scale attack it would have taken out the site a lot faster… We’re behind Cloudflare so maybe it was set up at that level to avoid their automatic detection…

As soon as I turned on the ‘We’re under attack mode’ the POST requests stopped coming in and the server returned to normal.

Now I just need to figure out an early detection mechanism and automatic switch of the Cloudflare under attack functionality.
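
An added example (not from the original post) of the early-detection step mentioned above: it counts POST requests per minute in an access log and, when a minute crosses a threshold, builds the Cloudflare API request that sets the zone's security level to `under_attack`. The thresholds, the log format (combined, with the real client IP restored rather than a Cloudflare edge address), the sample lines and the placeholder zone ID and token are assumptions.

```python
import json
import re
import urllib.request
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: client IP, [timestamp], "METHOD path protocol"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')

def post_floods(lines, total=100, per_ip=5):
    """Map each minute holding >= total POSTs to the clients that sent >= per_ip of them."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if m and m.group(3) == "POST":
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            buckets[ts.replace(second=0)][m.group(1)] += 1
    return {minute.isoformat(): sorted(ip for ip, n in c.items() if n >= per_ip)
            for minute, c in buckets.items() if sum(c.values()) >= total}

def under_attack_request(zone_id, api_token):
    """Build, without sending, the Cloudflare API call that sets security_level to under_attack."""
    return urllib.request.Request(
        f"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/security_level",
        data=json.dumps({"value": "under_attack"}).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {api_token}", "Content-Type": "application/json"})

def sample(ips, posts_each):
    """Constructed log lines: `ips` clients sending `posts_each` POSTs each inside one minute."""
    return [f'203.0.113.{i + 1} - - [10/Mar/2024:12:00:{(i + j * 5) % 60:02d} +0000] '
            f'"POST /example HTTP/1.1" 200 512'
            for i in range(ips) for j in range(posts_each)]

if __name__ == "__main__":
    floods = post_floods(sample(25, 8))   # constructed: 200 POSTs from 25 clients
    for minute, ips in floods.items():
        print(minute, len(ips), "heavy clients")
    if floods:
        req = under_attack_request("ZONE_ID_PLACEHOLDER", "API_TOKEN_PLACEHOLDER")
        print(req.get_method(), req.full_url)  # pass to urllib.request.urlopen(req) to apply
```

Run from cron or a log-tailing service against the last few minutes of the access log; tune `total` and `per_ip` against a normal day's POST volume so legitimate form traffic does not trip the switch.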
