Strange DDOS attack

Rank  Hits  Flag  Country  IP  Agent  Platform  Version
1     591         Unknown      MSIE   Windows   7.0
2     589         Unknown      MSIE   Windows   7.0
3     571         Unknown      MSIE   Windows   7.0
4     566         Unknown      MSIE   Windows   7.0
5     547         Unknown      MSIE   Windows   7.0
6     517         Unknown      MSIE   Windows   7.0
7     492         Unknown      MSIE   Windows   7.0
8     138         Unknown      MSIE   Windows   7.0
9     138         Unknown      MSIE   Windows   7.0
10    138         Unknown      MSIE   Windows   7.0

It’s funny, I’ve recently had spam requests trying to guess my admin password for the CentOS server I use to run this website. I can only assume it’s some kind of brute-force attack.

Then even more recently, someone’s tried to trouble me with this attempted DDOS attack. In my opinion, as oxymoronic as this sounds, security through obscurity isn’t really security at all; however, WordPress is extremely popular and there are ways it can be violated/exploited. This specific type of attack probably wouldn’t exist if WordPress weren’t so popular. I suggest reading about the “Disable XML-RPC Pingback” plugin and installing it.
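A log-side check for the pattern in the hit table above, as an added example that is not from the original post: it counts POST requests to /xmlrpc.php per client IP and groups heavy hitters into /24 ranges for firewall review. It assumes IPv4 clients and the Apache/nginx combined log format; the log lines, documentation-range IPs, timestamp and thresholds are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')

def xmlrpc_hits(lines):
    """Count POST requests to /xmlrpc.php per client IP."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, method, path = m.groups()
        if method == "POST" and path.split("?", 1)[0] == "/xmlrpc.php":
            hits[ip] += 1
    return hits

def ranges_to_block(hits, min_hits=3, min_hosts=2):
    """Return /24 ranges where at least min_hosts clients each made min_hits+ requests."""
    per_net = {}
    for ip, n in hits.items():
        if n >= min_hits:
            net = ip_network(f"{ip}/24", strict=False)  # IPv4 assumption
            per_net.setdefault(net, []).append(ip)
    return sorted(str(net) for net, ips in per_net.items() if len(ips) >= min_hosts)

# Constructed sample data; the agent string is the one quoted in the comments.
UA = "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

def _line(ip, method, path, ua=UA):
    return (f'{ip} - - [17/Jul/2017:02:39:00 +0000] '
            f'"{method} {path} HTTP/1.0" 200 370 "-" "{ua}"')

SAMPLE_LOG = (
    [_line("203.0.113.10", "POST", "/xmlrpc.php")] * 3
    + [_line("203.0.113.11", "POST", "/xmlrpc.php")] * 4
    + [_line("198.51.100.7", "POST", "/xmlrpc.php"),
       _line("198.51.100.7", "GET", "/", "Mozilla/5.0")]
    + ["not a log line"]
)

if __name__ == "__main__":
    hits = xmlrpc_hits(SAMPLE_LOG)
    for rank, (ip, n) in enumerate(hits.most_common(), 1):
        print(rank, n, ip)
    print("candidate ranges:", ranges_to_block(hits))
```

Review the candidate ranges before firewalling them, since a /24 can also contain legitimate visitors.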


7 thoughts on “Strange DDOS attack”

  • 24/07/2017 at 11:48

    This attack is not targeting you, it is trying to use you as part of a DDoS network.


    Here is a sample of the posted data:
    POST /xmlrpc.php HTTP/1.0
    Content-type: text/xml
    Content-length: 276
    User-agent: Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)
    Connection: close

    In my case it was an attack against

    • 26/07/2017 at 13:56

      Interesting article, and attacks like this are always interesting. They show the ingenuity of the attacker… I hope that doesn’t sound like I admire the guy (or girl) who thought of it, but it’s such a simple way to cause grief to people.

      I have used the term DDOS loosely because the average viewer won’t understand the nature of the problem; it is a type of DDOS (Distributed Denial of Service) attack but you are correct in that it’s not a “distributed” attack for the first victim in the chain; however, it can cause a Denial of Service for the first victim i.e. if I tell you to do something and that slows up someone else, it will also slow you up too. The server I’m hosting this website on isn’t particularly powerful (it doesn’t need to be) and these days I feel like I’m playing whack-a-mole with WordPress’s insecurities.

  • 23/07/2017 at 04:00

    I was also getting DDoS’d by these IPs yesterday (07/21). My site is on AWS. I just migrated from a previous host (on an AWS-backed hosting service). That host was still up, and I thought about redirecting back to it while I figured out what was going on. Nope – it was also getting hammered. Are you on AWS, too?

    • 24/07/2017 at 11:40

      I’m with BHost, a UK hosting company. That’s very strange. I wouldn’t switch networks again; you should just be able to firewall the whole range.

  • 18/07/2017 at 07:37

    Hi, I am also getting DDOS’ed by this IP, we are a company in Thailand that makes games, Sandboxglobal. Just curious if you know a company in Thailand called Arkavis or a guy called Gil Texiera or Daniel Schwartling.

    I have a suspicion it could be them.

    Just thought I would ask as you mention travelling on your blog.

    • 18/07/2017 at 18:53

      Cool site! I’ve never heard of them, sorry. Perhaps they post on photography forums with a different name or something? I whois’d the IP and it’s coming from a Russian box, but that could be literally anyone and not necessarily a Russian.

  • 18/07/2017 at 02:39

    I got DDoSed by this IP range too, starting yesterday… I banned all inbound network traffic and went to bed, then pulled my site up again and blocked a whole bunch of IPs that were still hitting my site, landing at http://xx.xx.xx.xx/xmlrpc.php.

    IP list as below

