httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "D'Arcy J.M. Cain" <da...@Vex.Net>
Subject Re: [users@httpd] Possible DOS Attack
Date Sat, 21 May 2016 13:22:24 GMT
On 5/20/16 4:00 PM, Roman Gelfand wrote:
> In the last 2 days we have received roughly 1milion of the following
> requests.  Just to confirm, is this a DOS attack?
>
> 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php
> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows
> NT 6.0)"

That looks like a break-in attempt.  The effect may be a DOS but I
believe that the intent is more sinister.  They want to break into your
system and take it over.  You would think that once they got the first
251 response their code would be smart enough to move on to the next
victim but if the coders of these things were smart they would be
making real money with legitimate work.

Wouldn't life as an ISP be so much better if we could wipe PHP off our
servers?  I know mine would.

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message