This caused intermittent issues as we worked to optimize things in the backend. Things are now functioning faster than ever despite attack still continuing.
We still might need to do some more work to optimize things and get the traffic flow off the web server.
We are still checking why it seems there is traffic amplifcation going on as well.
We will continue monitoring the situation and adjust things as needed.
This type of attack is known and here are some further information that came up with googling:
https://isc.sans.edu/forums/diary/Wordpress+Pingback+DDoS+Attacks/17801
https://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
https://wordpress.org/support/topic/warning-xmlrpc-wordpress-exploit-ddos
https://www.trustwave.com/Resources/SpiderLabs-Blog/WordPress-XML-RPC-PingBack-Vulnerability-Analysis/
We have already traced this attack to NForce network. This has been reported to them. The attack seams to be leaning off slowly and volume has dropped by approximately 40% from peak.
Saturday, March 26, 2016