Somebody is attacking my server currently.
The traffic is coming from the IP 185.130.5.209.
He keeps posting garbage data to the XML-RPC interface of my WordPress blog:
<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>http://www.butlerharris.com/?s=a&submit=Search</string></value></param><param><value><string>https://blog.twei7.com/lvm-in-ubuntu/</string></value></param></params></methodCall>
The attack starts at 7:00 PM. I have dinner with my friends and I come back at 10 PM.
When I look at my server status, I discover an unusual increase in my CPU load and network load.
Then I find that MySQL has unusually high traffic.
Then I find the WordPress database is rather busy.
Finally, I pull the Apache access log and find an evil guy is crazily posting data to my blog through xmlrpc.php.
Then I temporarily delete the xmlrpc.php file, so he will only get a 404 error and nothing meaningful.
I will then block the IP address, and patch the xmlrpc file. Fuck you 185.130.5.209.
==============================================
After some googling, I now realize this is a kind of DDoS attack.
The attacker is not targeting my server. He is using my machine to target somebody else. He uses the pingback hole in WordPress to do so. More details are here:
https://isc.sans.edu/forums/diary/Wordpress+Pingback+DDoS+Attacks/17801/
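
An added example (not part of the original post): a Python version of the log check described above, counting POSTs to xmlrpc.php per client IP, together with a parser that pulls the two URLs out of a pingback.ping body. In pingback.ping the first URL is the source that WordPress fetches to verify the link, so it names the site the blog is being made to hit. The log lines, request body, IPs and example domains are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Apache common/combined log line: client IP ... "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample data (documentation IPs and example domains).
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Jan/2016:19:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '203.0.113.9 - - [01/Jan/2016:19:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '198.51.100.7 - - [01/Jan/2016:19:00:03 +0000] "GET /lvm-in-ubuntu/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2016:22:05:00 +0000] "POST /xmlrpc.php HTTP/1.0" 404 210 "-" "-"',
]
SAMPLE_BODY = (
    '<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>'
    '<params><param><value><string>http://victim.example/?s=a&amp;submit=Search'
    '</string></value></param><param><value><string>'
    'https://blog.example/lvm-in-ubuntu/</string></value></param></params>'
    '</methodCall>'
)

def xmlrpc_posts_by_ip(lines):
    """Count POST requests to xmlrpc.php per client IP."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, method, path, _status = m.groups()
        if method == "POST" and path.split("?", 1)[0].endswith("/xmlrpc.php"):
            hits[ip] += 1
    return hits

def pingback_urls(body):
    """Return (source_uri, target_uri) of a pingback.ping call, else None."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # refuse entity declarations in untrusted XML
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.findtext("methodName") != "pingback.ping":
        return None
    urls = [v.text for v in root.findall("./params/param/value/string")]
    return tuple(urls) if len(urls) == 2 else None

if __name__ == "__main__":
    print(xmlrpc_posts_by_ip(SAMPLE_LOG).most_common())
    print(pingback_urls(SAMPLE_BODY))
```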