On 5/20/16 4:00 PM, Roman Gelfand wrote: > In the last 2 days we have received roughly 1milion of the following > requests. Just to confirm, is this a DOS attack? > > 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php > HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows > NT 6.0)" That looks like a break-in attempt. The effect may be a DOS but I believe that the intent is more sinister. They want to break into your system and take it over. You would think that once they got the first 251 response their code would be smart enough to move on to the next victim but if the coders of these things were smart they would be making real money with legitimate work. Wouldn't life as an ISP be so much better if we could wipe PHP off our servers? I know mine would. -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:darcy@xxxxxxx VoIP: sip:darcy@xxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx