xmlrpc.php attack on a non-wordpress droplet

Posted June 22, 2016 3.3k views

Looks like my server is being hammered by this xmlrpc.php attack.
But I’m not even running wordpress, I’m trying a Flask framework so it’s all 404s.
Should I just ignore it or could it possibly be lagging my droplet?

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

If the file doesn’t exist, you don’t have anything to worry about it doing anything. Returning a 404 vs a 403 isn’t really going to make a difference, and you can’t stop them from trying.