I just got SLAMMED with accessed to httpd from 91.230.121.156 I added the address to my firewall to drop it. FYI host 91.230.121.156 156.121.230.91.in-addr.arpa domain name pointer no-rdns.offshorededicated.net. Jerry
On 2014-10-02 10:23 am, Jerry Geis wrote:> I just got SLAMMED with accessed to httpd from > 91.230.121.156 > > I added the address to my firewall to drop it. > FYI > > host 91.230.121.156 > 156.121.230.91.in-addr.arpa domain name pointer > no-rdns.offshorededicated.net.Are you running Wordpress? My company's Wordpress installation was getting hammered by an IP in the same netblock, yesterday...look in your httpd logs for repeated POST operations to xmlrpc.php. -- Mike Burger http://www.bubbanfriends.org "It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
> Are you running Wordpress?> My company's Wordpress installation was getting hammered by an IP in the > same netblock, yesterday...look in your httpd logs for repeated POST >operations to xmlrpc.php.> yes that is it.Jerry On Thu, Oct 2, 2014 at 10:23 AM, Jerry Geis <geisj at pagestation.com> wrote:> I just got SLAMMED with accessed to httpd from > 91.230.121.156 > > I added the address to my firewall to drop it. > FYI > > host 91.230.121.156 > 156.121.230.91.in-addr.arpa domain name pointer > no-rdns.offshorededicated.net. > > > > Jerry >
Jerry Geis wrote:> I just got SLAMMED with accessed to httpd from > 91.230.121.156 > > I added the address to my firewall to drop it. > FYI > > host 91.230.121.156 > 156.121.230.91.in-addr.arpa domain name pointer > no-rdns.offshorededicated.net. >Install fail2ban, and set up a filter. mark