I use AWS EC2 servers for my web hosting and recently had a problem where one of my servers kept peaking out as soon as it was loaded. After moving the WordPress instance to another server and eliminating the possiblity that the problem was caused by the theme or Linux version I found the issue.
My server was being continuously accessed from a single IP source. I discovered this by checking the access logs like this:
tail -n 100 var/log/httpd/access_log
I could then see the ip trying to access the site every few seconds:
So the next step was just to block the IP address:
sudo iptables -I INPUT -s 18.104.22.168 -j DROP
sudo service iptables save
Source: http://unix.stackexchange.com/questions/32781/how-can-i-block-a-range-of-ip-addresses-with-an-amazon-ec2-instance, https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
Now the website is back to smooth sailing!
I was a bit disappointed with AWS support on this occasion. They weren't able to help me determine the issue aside from the fact that it was caused by memory use.
Hope this helps if anyone got the same problem.
You may want to block an entire subnet:
sudo iptables -A INPUT -s 22.214.171.124/24 -j DROP
Or list your current rules:
sudo iptables -S