Are the URLs in xmlrpc DDOS attacks passive, compromised or active participants?

My (Linux / Apache) server has been under attack for weeks - via xmlrpc.php and wp-login.php - and WordPress script files.

I took the liberty of adding code to email me the POST data, etc.

What I see for xmlrpc attacks is POST XML which identifies some pingback URLs that look suspicious.

For example:

<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><param> <value><string>http://absolutehacks.com/forum</string></value></param><param><value><string>http://www.__my_domain__.com/__a blog url on my site__/</string></value></param></params></methodCall>

      

and

<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string> http://sinfulexp.net/forum</string></value></param><param><value><string>http://www.__my_domain__.com/__a blog url on my site__/</string></value></param></params></methodCall>

      

I may be wrong, but going only by their names (absolutehacks.com, sinfulexp.net), I believe that they are not just passive, compromised participants in these attacks.

Any comments leading to enlightenment would be appreciated.

Colin g

+3
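An added example, not part of the original question: in a `pingback.ping` call the first string is the source URI claimed by the caller and the second is the target post on the receiving site, so emailed POST bodies like the ones quoted above can be tallied by claimed source host per target. The function names, the `.example` hosts and the sample bodies are constructed; the parser strips the run-together `<?xmlversion="1.0"?>` prolog because it is not well-formed XML as logged.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

PROLOG = re.compile(r'^\s*<\?xml[^>]*\?>')   # also matches the logged "<?xmlversion=...?>"
TARGET = 'http://www.victim.example/post-1/'  # constructed placeholder target

def _body(prolog, method, *strings):
    """Build a constructed XML-RPC body in the shape quoted in the question."""
    params = ''.join('<param><value><string>%s</string></value></param>' % s for s in strings)
    return '%s<methodCall><methodName>%s</methodName><params>%s</params></methodCall>' % (
        prolog, method, params)

SAMPLE_BODIES = [  # constructed sample data, not real traffic
    _body('<?xmlversion="1.0"?>', 'pingback.ping', 'http://source-a.example/forum', TARGET),
    _body('<?xmlversion="1.0"?>', 'pingback.ping', ' http://source-b.example/forum', TARGET),
    _body('<?xml version="1.0"?>', 'pingback.ping', 'http://SOURCE-A.example/x', TARGET),
    _body('', 'system.listMethods'),
    '<!DOCTYPE x [<!ENTITY a "b">]>' + _body('', 'pingback.ping', 'http://s.example/', TARGET),
]

def parse_pingback(body):
    """Return (source_url, target_url) for a pingback.ping call, else None."""
    if '<!DOCTYPE' in body or '<!ENTITY' in body:
        return None  # refuse DTDs and entities in untrusted XML
    body = PROLOG.sub('', body, count=1)  # the run-together prolog is not well-formed XML
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != 'methodCall' or (root.findtext('methodName') or '').strip() != 'pingback.ping':
        return None
    values = [(v.findtext('string') or v.text or '').strip()
              for v in root.findall('./params/param/value')]
    return (values[0], values[1]) if len(values) == 2 else None

def summarise(bodies):
    """Count claimed source hosts per target URL; also return how many bodies were skipped."""
    per_target, skipped = {}, 0
    for body in bodies:
        parsed = parse_pingback(body)
        if parsed is None:
            skipped += 1
            continue
        source, target = parsed
        host = urlsplit(source).hostname or ''
        per_target.setdefault(target, Counter())[host] += 1
    return per_target, skipped

if __name__ == '__main__':
    print(summarise(SAMPLE_BODIES))
```

The source URI is whatever the caller put in the request body, so the tally shows which hosts are being named, not which hosts sent the requests; the sending addresses are in the web server's access log.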

