This was what I posted on SPCNET a while ago;
I’ve been working on this all night, guys. So here’s the issue. I ran some tests, just because I was starting to wonder if it was the database or perhaps something else. I killed httpd, then pointed the database at a completely new, empty database, AND moved all the files on the server to a separate location and put up a separate WordPress installation. In other words, things should have been fresh.
As soon as I turn on the httpd, before I even have a chance to complete the WordPress installation, ie set up themes, plugins, etc., server load instantly spikes, with up to 200+ processes eventually occurring, overwhelming and killing the server.
Given all this, and given that my Cloudflare settings haven’t changed, my best guess is that DDOS’ers have found the origin IP of my server and are now DDOS’ing it directly, thereby bypassing Cloudflare. Otherwise, I can’t think of any reason at all why a completely blank website would be having this sort of problem; it literally makes no sense whatsoever.
So what I have done right now is use the nuclear option; I have disabled ALL connections, EXCEPT those coming through Cloudflare, while keeping Cloudflare on “Under Attack” mode. This should deal with the DDOS issue; if it doesn’t, we’re in trouble :P. The problem is, this breaks a number of other things on my side. I’ll be working on it throughout the day, and hopefully will get it all up again soon. What a pain in the butt. Sigh. Still, reading should no longer be a problem.
Oh – If you have any problems, flush your browser cache 😛