Okay so after looking at my logs to see what the little girl TieuWi was doing to DDOS the site I came to the realization that she was using a WordPress exploit use by some script kiddies or girls like TieuWi that use a ping option read more about it here
If you look at your site logs you will see a lot of logs similar to this
198.57.247.185 - - [03/Oct/2015:10:01:56 -0400] "GET / HTTP/1.0" 499 0 "-" "WordPress/3.5.1; http://www.hvacview.com"
As you can see “WordPress/3.5.1; the site still on an old WordPress and hasn’t patch the exploit
To stop basically you need to add this to your Apache or Nginx server
[codesyntax lang=”html4strict”]
if ($http_user_agent ~* "WordPress") {
return 444;
}
I becoming and export on this shit lol
And to stop script kiddies from using your WordPress site to DDOS others add this code to the Function file of your theme
//Stop WordPress ping exploit
add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods['pingback.ping'] );
return $methods;
} );
.
.