Question

xmlrpc.php attack on a non-wordpress droplet

Posted June 22, 2016 2.6k views
Ubuntu Apache WordPress Firewall

Looks like my server is being hammered by this xmlrpc.php attack.
But I’m not even running wordpress, I’m trying a Flask framework so it’s all 404s.
Should I just ignore it or could it possibly be lagging my droplet?

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

If the file doesn’t exist, you don’t have anything to worry about it doing anything. Returning a 404 vs a 403 isn’t really going to make a difference, and you can’t stop them from trying.

Submit an Answer