I'm at my wits' end right now. I have a WordPress site that thankfully is still just a blank template. Last week I saw it was being hammered by an IP 185.130.5.180 from Lithuania and has been flagged multiple times for spamming. I can't seem to block the damn thing from accessing my site. Should note I have a few sites on this server but it's only attacking 1 of them. My Apache 2.4.10 vhost access logs are just flooding with this over and over each second:

sitename.com:80 185.130.5.180 - - [06/Feb/2016:01:38:59 -0500] "POST /xmlrpc.php HTTP/1.0" 301 523 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

If I delete the file, it just turns into it saying it's a 404 instead of 301. I even deleted the entire site for a few days and it's still hammering away.

Here is what I have tried:

Blocking it with my Debian firewall which is UFW. Didn't work.

Blocking it with Cloudflare firewall. Didn't work. Cloudflare told me they are attacking my IP directly.

Adding deny from 185.130.5.180 into my site's htaccess file. Didn't work.

Fail2Ban using the Apache-postflood config doesn't work.

I'm not sure how else to get this thing ip to bugger off and start hammering my site.

Please any suggestions would be great.

Tamerax
  • have you tried null routing it (http://www.cyberciti.biz/tips/how-do-i-drop-or-block-attackers-ip-with-null-routes.html) or talking to your server host and asking them to null route that ip on their end? – David Parlevliet Feb 06 '16 at 07:16
  • At least 2 of the things you say you tried should work if you did it correctly. Rather than telling us what didn't work, show us. Show us the configuration changes you made, the commands you ran etc. You may also want to look at this search http://serverfault.com/search?tab=newest&q=xmlrpc.php – user9517 Feb 06 '16 at 07:30
  • @DavidParlevliet I just did that and I'll see what happens. – Tamerax Feb 06 '16 at 07:35
  • @DavidParlevliet that seems to be working! – Tamerax Feb 06 '16 at 07:41
  • glad to hear it – David Parlevliet Feb 06 '16 at 11:50

1 Answer

Given how utterly trivial it is to redirect an IP to null with iptables - my advice would be:

  • Either learn to use your operating system or
  • Hire a professional.

THAT being said, on top I would change your IP and then make sure it never gets published and all traffic is running through Cloudflare ;)

TomTom
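The null-route approach from the comments can be driven from the access log itself. The script below is an added example, not code from anyone in this thread: it counts POSTs to /xmlrpc.php per client in a log with the layout shown in the question and prints, without running, one `ip route add blackhole` command per client at or above a threshold. The function names, the threshold and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): find clients flooding /xmlrpc.php in an
# Apache access log laid out like the line in the question, and print, without
# running, a null route for each one.

# xmlrpc_offenders LOGFILE MIN -> "COUNT IP" lines, busiest first
xmlrpc_offenders() {
    awk -v min="$2" '
        # Fields: $1=vhost:port  $2=client IP  $7=quote+method  $8=path
        $7 == "\"POST" && $8 == "/xmlrpc.php" { hits[$2]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -rn
}

# null_route_cmds LOGFILE MIN -> one blackhole-route command per offender
null_route_cmds() {
    xmlrpc_offenders "$1" "$2" | while read -r count ip; do
        case "$ip" in
            ""|*[!0-9.]*) continue ;;   # skip anything that is not IPv4-shaped
        esac
        echo "ip route add blackhole $ip/32   # $count POSTs to /xmlrpc.php"
    done
}

# Constructed sample log in the format shown in the question; the 203.0.113.x
# and 198.51.100.x clients are made-up documentation addresses.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
sitename.com:80 185.130.5.180 - - [06/Feb/2016:01:38:59 -0500] "POST /xmlrpc.php HTTP/1.0" 301 523 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
sitename.com:80 185.130.5.180 - - [06/Feb/2016:01:38:59 -0500] "POST /xmlrpc.php HTTP/1.0" 301 523 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
sitename.com:80 203.0.113.7 - - [06/Feb/2016:01:39:00 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress/4.4"
sitename.com:80 185.130.5.180 - - [06/Feb/2016:01:39:00 -0500] "POST /xmlrpc.php HTTP/1.0" 301 523 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
sitename.com:80 198.51.100.20 - - [06/Feb/2016:01:39:01 -0500] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.38.0"
sitename.com:80 185.130.5.180 - - [06/Feb/2016:01:39:01 -0500] "POST /xmlrpc.php HTTP/1.0" 301 523 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
sitename.com:80 198.51.100.20 - - [06/Feb/2016:01:39:02 -0500] "GET / HTTP/1.1" 200 5120 "-" "curl/7.38.0"
EOF

# Threshold of 3 is an arbitrary value for the sample data.
null_route_cmds "$SAMPLE_LOG" 3
```

Review the printed commands before running them as root; a blackhole route drops the return traffic for that address at the routing layer, so it applies to every vhost on the server.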