It's really, really easy to misconfigure mod_proxy and set yourself up as an open proxy. The ProxyRequests directive sounds like it should be needed for any sort of proxying, but is only really needed if you're allowing your apache instance to act as a forward proxy, not as a reverse proxy. For reverse proxying, which is what you want most of the time, you really want ProxyPass and ProxyPassReverse .
The phrase "[my blog] was being hosted on another port because apache was taking up the internet http port 80" sounds like the reason they were trying to set up a reverse-proxy.
Above that, there is a comment "turning ProxyRequests on and allowing proxying from all may allow spammers to use your proxy to send email", so I guess it was somewhat safe originally, until ProxyRequests was changed to On without reading and understanding the comment.
I made the mistake of thinking it was harmless to enable. Also, with the solutions I've found online for enabling 'ghost blog with apache virtualhosts'. I guess someone trolled me.
It's a good idea to always look up the docs on directives in apache configs you are copy-pasting from the internet, to make sure you know what they are doing.
For that matter, this probably applies to just about anything you copy paste on the internet. Understand what you're pasting, look up the docs if you don't or aren't sure or are using something you haven't seen before.
But apache httpd configs can be especially tricky. The accidental open proxy is definitely something that gets lots of people, you are not alone. The apache httpd directive names have a lot of 'legacy' in them, and probably should have been named more clearly in retrospect (i assume the apache httpd forward proxy feature came first, and reverse proxy was only added later; but in 2015 reverse proxy is a lot ore common a thing to want).
(But the solution to an accidental open proxy, if you didn't mean to be forward proxying at all.... is turning off the forward proxy in apache httpd, not other weird workarounds).
That's yet another example of apache config violating POLS (Principle Of Least Astonishment). You have a set of Allow rules and a set of Deny rules. If a request does not match a rule in either set, then what happens to the request depends on the ordering of these non-matching rulesets (!!) instead of a reasonable default with an explicitly configured alternate option.
It's also a bad name - there's no hint that this affects the default action; you just have to know ahead of time.
From part two[p2]: "After stumbling back into my custom Apache configurations directory, I found a file I made to redirect all the proxy settings to /etc/httpd/conf.d/proxy.conf. I can't believe I missed this file."
(...)
"I changed ProxyRequests On to ProxyRequests Off and restarted Apache sudo service httpd restart. My blog & my websites loaded. I finally came to the solution after a few hours of looking at configs."
(...)
"I ran top and noticed fail2ban was consuming 98-99% of my allocated CPU. [Note: As mentioned by the original author in part1, fail2ban was set up to track Apache httpd access logs, and that's (presumably) why it was consuming so much CPU. -e12e] Holy shit. This culprit was running in the background and I did not even know that it was such an intensive resource hog on my machine. I turned fail2ban's service off sudo service fail2ban stop and I removed it from2 auto-starting on system boots with chkconfig fail2ban off."
Apache is a bit of a complicated beast, and it probably doesn't help that way back when, one didn't set up proxies to web application servers, one ran code in the server (mod_php, mod_perl and even mod_python). Java/tomcat got their own proxy module (mod_jk), and after a while, as more (hw) resources became available, it started to make more sense for everyone to follow the good practice of breaking up services by user (either actual (human) user, or at least service user, like "php" or "cgi-bin" etc). And it became more common to use mod_proxy to forward requests to backends (like php-fpm).
For those new to Apache, it's still easy to miss that Apache can also work as a full http proxy -- and it's easier than it probably should be to set up an open http proxy without intending to. But you generally do have to type in a setting of "ProxyRequests On" -- which kind of does give a hint of what's going on.
I know that they can spoof the referrer. I have mine set to allow '.atrament.net'. I was thinking of using my IP in the setting, but I did not have any problems with '.atrament.net' just yet.