Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spam-bots hunting for blogs. How to stop this?

Discussion in 'General Discussion' started by jols, Jan 26, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,110
    Likes Received:
    3
    Trophy Points:
    168
    Lately I've been seeing a ton of these in the apache access logs:

    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /file/forms/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /html/xmlrpc.php HTTP/1.1" 404 -


    I take it that the "404" means that the target of the hunt was not found, but I am sure that this spiking bandwidth like crazy. I am wondering if there is a way to tweak, or add a new rule to the BFD package, or maybe PortSentry that would stop this after only a few seeks. Anyone?


    P.S. What the heck are these about:

    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:03 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:03 -0600] "-" 408 -

    These entries sometimes goes on for miles...
     
    #1 jols, Jan 26, 2006
  2. dball

    dball Member

    Joined:
    Dec 19, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Alabama
    Code:
    P.S. What the heck are these about:

210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -

    408 is "Request Time-out"

    210.196.127.184 is apparently in Japan (JPNIC Address Space) and allocated to
    Network Information:
    a. [Network Number] 210.196.127.176/28
    b. [Network Name] YOKOHAMA-SSS
    g. [Organization] Yokohama Sogo Shasin Corporation​

    -- David
     
    #2 dball, Jan 26, 2006
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,110
    Likes Received:
    3
    Trophy Points:
    168

    Great. Thanks. That what the heck do you suppose that this is all about? DoS attack?
     
    #3 jols, Jan 26, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Spam bots hunting
  1. gotroot

    New Thread Updating Apache SpamAssassin reject spam score threshold issue

    gotroot, Jan 20, 2019 at 12:00 PM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    103
    gotroot
    Jan 20, 2019 at 12:00 PM
  2. Smartypants

    New Thread SpamAssassin constantly crashing, reinstall script fails

    Smartypants, Jan 19, 2019 at 1:32 PM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    130
    Smartypants
    Jan 19, 2019 at 1:32 PM
  3. martin MHC

    Spam Filter Auto Delete Setting

    martin MHC, Jan 17, 2019 at 2:37 PM, in forum: E-mail Discussion
    Replies:
    4
    Views:
    230
    Infopro
    Jan 17, 2019 at 4:05 PM
  4. wonderfall

    SpamAssassin Auto-Delete Not Working As Expected

    wonderfall, Jan 14, 2019, in forum: E-mail Discussion
    Replies:
    10
    Views:
    329
    cPanelLauren
    Jan 17, 2019 at 2:58 PM
  5. PAFFY

    Emails going into spam folder

    PAFFY, Jan 14, 2019, in forum: E-mail Discussion
    Replies:
    3
    Views:
    238
    cPanelLauren
    Jan 15, 2019 at 7:12 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice