Outgoing DDOS attack

Hello,
I just did setup a new DA server, and migrated few cpanel accounts, soon i received complaint that my server is sending DDOS attacks. On checking apache log, i found this

127.0.0.1 - - [14/Sep/2019:16:34:39 -0500] "GET /wp-login.php HTTP/1.1" 404 -
127.0.0.1 - - [14/Sep/2019:16:34:42 -0500] "POST /wp-login.php HTTP/1.1" 404 -
127.0.0.1 - - [14/Sep/2019:16:34:43 -0500] "POST /xmlrpc.php HTTP/1.1" 404 -
127.0.0.1 - - [14/Sep/2019:16:34:43 -0500] "GET /wp-login.php HTTP/1.1" 404 481

How can i find the source of the problem?

Thanks

Prevent Outgoing DDoS Attack using CSF

You can use CSF to prevent outgoing DDoS attack from your server.
Remove unwanted port on TCP_OUT options in /etc/csf/csf.conf, restart csf using command csf -r

One server cannot serve out a DDOS.
The log-entries you posted are just hack-attempts from others to a Wordpress-site on your server.

You'll need to find out which user might be causing a lot of outbound traffic.