Help for Abuse Report

Antworten
stedica
Beiträge: 1
Registriert: 1. Feb 2016, 04:57

Help for Abuse Report

Beitrag von stedica » 1. Feb 2016, 05:32

Hello:

I got this abuse report and would like to know how I can prevent this from happening in the future. How to fix this on my server.

Reported-From: abuse-team@blocklist.de
Category: abuse
Report-Type: login-attack
Service: bruteforcelogin
Version: 0.2
User-Agent: Fail2BanFeedBackScript blocklist.de V0.2
Date: Tue, 26 Jan 2016 15:37:36 +0100
Source-Type: ip-address
Source: 184.172.17.18
Port: 80
Report-ID: 723279237@blocklist.de
Schema-URL: http://www.x-arf.org/schema/abuse_login ... 0.1.2.json
Attachment: text/plain

/var/log/apache/pucorp.org.log:184.172.17.18 - - [26/Jan/2016:15:37:20 +0100] "POST /xmlrpc.php HTTP/1.0" 200 494 "-" "-"
/var/log/apache/pucorp.org.log:184.172.17.18 - - [26/Jan/2016:15:37:26 +0100] "POST /xmlrpc.php HTTP/1.0" 200 716 "-" "-"
/var/log/apache/pucorp.org.log:184.172.17.18 - - [26/Jan/2016:15:37:27 +0100] "POST /xmlrpc.php HTTP/1.0" 200 55798 "-" "-"
/var/log/apache/pucorp.org.log:184.172.17.18 - - [26/Jan/2016:15:37:30 +0100] "POST /xmlrpc.php HTTP/1.0" 200 55798 "-" "-"
/var/log/apache/pucorp.org.log:184.172.17.18 - - [26/Jan/2016:15:37:33 +0100] "POST /xmlrpc.php HTTP/1.0" 200 55798 "-" "-"
/var/log/apache/pucorp.org.log:184.172.17.18 - - [26/Jan/2016:15:37:36 +0100] "POST /xmlrpc.php HTTP/1.0" 200 55798 "-" "-"

Benutzeravatar
Martin
Beiträge: 397
Registriert: 14. Sep 2010, 11:54
Kontaktdaten:

Re: Help for Abuse Report

Beitrag von Martin » 4. Feb 2016, 21:40

Hello,

in this case, please check all installed Wordpress, that he are not compromised.
And look for modified Files like libworker.so, libso48.php and other hacked Joomla/Wordpress sites.

You can identify them, when you look for POST-Requests for the Timestamp +-3Minutes from the committed logfiles.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

Antworten