Strange DDOS attack

| Rank | Hits | Country | IP | Agent | Platform | Version |
|------|------|---------|----|-------|----------|---------|
| 1 | 591 | Unknown | 185.188.204.11 | MSIE | Windows | 7.0 |
| 2 | 589 | Unknown | 185.188.204.7 | MSIE | Windows | 7.0 |
| 3 | 571 | Unknown | 185.188.204.12 | MSIE | Windows | 7.0 |
| 4 | 566 | Unknown | 185.188.204.9 | MSIE | Windows | 7.0 |
| 5 | 547 | Unknown | 185.188.204.8 | MSIE | Windows | 7.0 |
| 6 | 517 | Unknown | 185.188.204.6 | MSIE | Windows | 7.0 |
| 7 | 492 | Unknown | 185.188.204.10 | MSIE | Windows | 7.0 |
| 8 | 138 | Unknown | 185.188.204.14 | MSIE | Windows | 7.0 |
| 9 | 138 | Unknown | 185.188.204.16 | MSIE | Windows | 7.0 |
| 10 | 138 | Unknown | 185.188.204.18 | MSIE | Windows | 7.0 |

It’s funny, I’ve recently had spam requests trying to guess my admin password for the CentOS server I use to run this website. I can only assume it’s some kind of brute-force attack.

Then even more recently, someone’s tried to trouble me with this attempted DDOS attack. In my opinion, as oxymoronic as this sounds, security through obscurity isn’t really security at all; however, WordPress is extremely popular and there are ways it can be violated/exploited. This specific type of attack probably wouldn’t exist if WordPress wasn’t so popular. I suggest reading about the “Disable XML-RPC Pingback” plugin and installing it.
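An added example, not part of the original post: the hit table above shows many addresses from one /24 sending similar request counts, so this Python example counts POSTs to xmlrpc.php per client in an access log and collapses noisy neighbours into one range to firewall. The combined log format, the thresholds and the function names are assumptions, and the sample lines are constructed from documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Combined-log prefix: client, ident, user, [time], "METHOD PATH PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def _line(ip, method, path):
    # Builds one constructed log line; the values are sample data, not from the page.
    return (f'{ip} - - [18/Jul/2017:09:37:19 +0000] "{method} {path} HTTP/1.1" '
            '200 370 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"')

# Constructed sample log using RFC 5737 documentation addresses.
SAMPLE_LOG = "\n".join(
    [_line(f"203.0.113.{h}", "POST", "/xmlrpc.php") for h in (6, 7, 8) for _ in range(4)]
    + [_line("198.51.100.20", "POST", "/xmlrpc.php")] * 5
    + [_line("198.51.100.77", "GET", "/index.php")] * 9
    + [_line("192.0.2.10", "POST", "/xmlrpc.php"), "truncated or malformed line"]
)

def xmlrpc_hits(log_text):
    """Count POST requests to xmlrpc.php per client IP, skipping unparsable lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, _status = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # logged hostname or junk in the client field
        if method == "POST" and path.split("?", 1)[0].endswith("/xmlrpc.php"):
            hits[ip] += 1
    return hits

def ranges_to_block(hits, min_hits=3, min_hosts=3, prefix=24):
    """Return networks to block: a whole /prefix when at least min_hosts noisy
    IPv4 clients share it, otherwise the individual noisy hosts."""
    by_net = {}
    for ip, count in hits.items():
        addr = ipaddress.ip_address(ip)
        if count >= min_hits and addr.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            by_net.setdefault(net, []).append(ipaddress.ip_network(ip))
    blocks = []
    for net, hosts in by_net.items():
        blocks.extend([net] if len(hosts) >= min_hosts else hosts)
    return sorted(blocks)
```

Call `ranges_to_block(xmlrpc_hits(open(path).read()))` on a real log to get the CIDR list. Blocking a whole /24 also drops any legitimate visitors in it, so keep `min_hosts` high enough that one noisy client does not condemn its neighbours.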

 

7 thoughts on “Strange DDOS attack”

    1. Interesting article, and attacks like this are always interesting. They show the ingenuity of the attacker… I hope that doesn’t sound like I admire the guy (or girl) who thought of it, but it’s such a simple way to cause grief to people.

      I have used the term DDOS loosely because the average viewer won’t understand the nature of the problem; it is a type of DDOS (Distributed Denial of Service) attack but you are correct in that it’s not a “distributed” attack for the first victim in the chain; however, it can cause a Denial of Service for the first victim i.e. if I tell you to do something and that slows up someone else, it will also slow you up too. The server I’m hosting this website on isn’t particularly powerful (it doesn’t need to be) and these days I feel like I’m playing whack-a-mole with WordPress’s insecurities.

  1. I was also getting DDoS’d by these IPs yesterday (07/21). My site is on AWS. I just migrated from a previous host (on an AWS-backed hosting service). That host was still up, and I thought about redirecting back to it while I figured out what was going on. Nope – it was also getting hammered. Are you on AWS, too?

    1. I’m with BHost, a UK hosting company. That’s very strange, I wouldn’t switch networks again, you should just be able to firewall the whole range.

  2. Hi, I am also getting DDOS’ed by this IP, we are a company in Thailand that makes games, Sandboxglobal. Just curious if you know a company in Thailand called Arkavis or a guy called Gil Texiera or Daniel Schwartling.

    I have a suspicion it could be them.

    Just thought I would ask as you mention travelling on your blog.

    1. Cool site! I’ve never heard of them, sorry. Perhaps they post on photography forums with a different name or something? I whois’d the IP and it’s coming from a Russian box, but that could be literally anyone and not necessarily a Russian.

  3. I got DDoS’d by this IP range too, starting yesterday... I banned all inbound network traffic and went to bed, then pulled my site up again and blocked a whole bunch of IPs that were still hitting my site, landing at http://xx.xx.xx.xx/xmlrpc.php.

    IP list as below:
