Re: Possible DOS Attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The abuse email address for  191.96.249.52 is abuse@xxxxxxxxxx
(though most ISPs don't seem to care whether one of their systems has been hacked or not)

On 5/20/16 4:00 PM, Roman Gelfand wrote:
In the last 2 days we have received roughly 1milion of the following requests.  Just to confirm, is this a DOS attack?

191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:24 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:26 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:26 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:27 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:28 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:28 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:29 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:30 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:30 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:30 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:31 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
191.96.249.52 - - [20/May/2016:18:19:31 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

Also, what does this mean?

::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"
::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"

Thanks in advance
 



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux