Apache/error.log is swamped with 'xmlrpc.php'. CPU at 50%. IPv6 enabled...

[BBM]

I recently made a number of websites on my server available through IPv6, thinking 'to be ready for the future'... but occassionally, (like now for instance, and for over 2 hours already) the CPU load is around 50% as the server is being flooded with

script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat

... and all coming from various IPv6 ip's.

Here are the last 24 lines of apache/error.log;

[Tue Jul 29 10:58:22.923132 2014] [:error] [pid 10307] [client 2602:306:bc25:e1c0:41c9:d116:23f5:117c:57480] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 10:58:34.322848 2014] [:error] [pid 10243] [client 2a01:e35:8a85:d370:21a9:de6b:25aa:5ae1:1485] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 10:58:42.671697 2014] [:error] [pid 9821] [client 2a02:2f07:418f:ffff::50d:e0a:50715] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 10:59:37.804584 2014] [:error] [pid 10481] [client 2a02:2f07:d27f:ffff::50f:24fb:54488] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 10:59:42.241461 2014] [:error] [pid 10481] [client 2003:57:6f5e:f962:d5a4:78e0:a34:be8c:58356] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 10:59:53.357053 2014] [:error] [pid 9821] [client 2602:30a:2ed2:67a0::46:54591] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:00:22.363410 2014] [:error] [pid 11029] [client 2604:2000:6a60:aa00:e998:b93f:2b26:7439:56437] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:01:20.037259 2014] [:error] [pid 10994] [client 41.72.120.15:56779] script '/var/www/html/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:01:25.982460 2014] [:error] [pid 10964] [client 2a02:2f08:527f:ffff::567e:b087:55501] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:01:26.482143 2014] [:error] [pid 11210] [client 2a02:2f07:c042:1000:8899:db31:d65f:84c8:57676] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:01:27.068951 2014] [:error] [pid 11025] [client 2a02:2f08:527f:ffff::567e:b087:55536] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:01:29.578747 2014] [:error] [pid 10982] [client 2602:301:77e8:5d60:b09f:ad24:c2ce:df6f:65440] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:02:17.730180 2014] [:error] [pid 11109] [client 2602:306:bdd3:9610:7c35:8631:43dd:4c3e:61180] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:02:29.938241 2014] [:error] [pid 11109] [client 2601:c:80:5f:6808:ca45:24a4:313e:60163] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:03:34.321758 2014] [:error] [pid 10136] [client 2a02:2f09:602f:ffff::4f77:b2e0:60977] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:03:53.579518 2014] [:error] [pid 11280] [client 2001:e68:5431:4b4b:f5a2:68e5:daca:4739:50618] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:05:00.723082 2014] [:error] [pid 12054] [client 2002:50d:d4ec::50d:d4ec:1037] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:05:24.793035 2014] [:error] [pid 10994] [client 2602:306:cc4f:a8b0:79b9:b608:41d3:67bf:64540] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:06:28.409042 2014] [:error] [pid 11986] [client 2a01:e35:87e7:c320:840:2650:c8e6:7848:57149] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:06:28.574190 2014] [:error] [pid 12054] [client 2a02:2f0e:70af:ffff::567c:7f16:62085] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:07:17.410313 2014] [:error] [pid 10994] [client 2a02:2f0e:103f:ffff::bc18:7a65:56065] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:07:23.020960 2014] [:error] [pid 11986] [client 2001:738:6001:500:f172:fb25:a48:ed1b:63904] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:08:57.904452 2014] [:error] [pid 12592] [client 2a01:e35:2e0f:4110:15c1:e844:ea13:de55:65527] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat
[Tue Jul 29 11:09:33.235414 2014] [:error] [pid 11986] [client 2602:306:c50b:8fe0:9497:35fb:7ed3:1c42:53044] script '/home/admin/domains/sharedip/xmlrpc.php' not found or unable to stat

This has been going since just before 9.00AM and it's now 11:15AM (localtime).

What would be an efficient measure against this crap to lessen the load on the server?
Simply turning off IPv6 and deal with it on a later date seems like a viable option right now...

 

[zEitEr]

Hello,

If you are using a firewall, you might need to update it's rules to control connections over Ipv6. Also you might want to either grep logs for those records and block IPs with firewall, or write a script and place it here /home/admin/domains/sharedip/xmlrpc.php to ban those IP from which they request it.

 

[ditto]

I don't have any information regarding to ipv6 in this case, however there is a new trend with a kind of bruteforce attack against WordPress xmlrpc.php file wich I am also seeing on my servers these days. You can read more about it here: http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

 

[BBM]

Thanks for the link Ditto.
I've been Googling for issues related to xmlrpc didn't find much recent items.

IMO, I think ip-blocking is becoming fairly useless with the abundance of ip6 numbers available. Unless blocking entire large ranges is needed again.
But that's like killing musquitoes with a bazooka.