xmlrpc.php attack on a non-wordpress droplet

June 22, 2016 430 views
Firewall Apache WordPress Ubuntu

Looks like my server is being hammered by this xmlrpc.php attack.
But I'm not even running wordpress, I'm trying a Flask framework so it's all 404s.
Should I just ignore it or could it possibly be lagging my droplet?

1 comment
1 Answer

If the file doesn't exist, you don't have anything to worry about it doing anything. Returning a 404 vs a 403 isn't really going to make a difference, and you can't stop them from trying.

Have another answer? Share your knowledge.