I'm at my wits end right now. I have a wordpress site that thankfull is still just a blank template. Last week I saw it was being hammered by an IP 185.130.5.180 from Lithuania and has been flagged multiple times for spamming. I can't seem to block the damn thing for accessing my site. Should note I have a few sites on this server but it's only attack 1 of them. My apache 2.4.10 vhost access logs are just flooding with this over and over each second:
sitename.com:80 185.130.5.180 - - [06/Feb/2016:01:38:59 -0500] "POST /xmlrpc.php HTTP/1.0" 301 523 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
If I delete the file, it just turns into it saying its a 404 instead of 301. I even deleted the entire site for a few days and it's still hammering away.
Here is what I have tried:
Blocking it with my Debian firewall which is UFW. Didn't work.
Blocking it with Cloudflare firewall. Didn't work. Cloudflare told me they are attacking my IP directly.
Adding deny from 185.130.5.180 into my sites htaccess file. Didn't work.
Fail2Ban using the Apache-postflood config doesn't work.
I'm not sure how else to get this thing ip to bugger off and start hammering my site.
Please any suggestions would be great.