The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam-bots hunting for blogs. How to stop this?

Discussion in 'General Discussion' started by jols, Jan 26, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    Lately I've been seeing a ton of these in the apache access logs:

    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /file/forms/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /html/xmlrpc.php HTTP/1.1" 404 -


    I take it that the "404" means that the target of the hunt was not found, but I am sure that this spiking bandwidth like crazy. I am wondering if there is a way to tweak, or add a new rule to the BFD package, or maybe PortSentry that would stop this after only a few seeks. Anyone?


    P.S. What the heck are these about:

    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:03 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:03 -0600] "-" 408 -

    These entries sometimes goes on for miles...
     
    #1 jols, Jan 26, 2006
  2. dball

    dball Member

    Joined:
    Dec 19, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Alabama
    Code:
    P.S. What the heck are these about:

210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -

    408 is "Request Time-out"

    210.196.127.184 is apparently in Japan (JPNIC Address Space) and allocated to
    Network Information:
    a. [Network Number] 210.196.127.176/28
    b. [Network Name] YOKOHAMA-SSS
    g. [Organization] Yokohama Sogo Shasin Corporation​

    -- David
     
    #2 dball, Jan 26, 2006
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168

    Great. Thanks. That what the heck do you suppose that this is all about? DoS attack?
     
    #3 jols, Jan 26, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Spam bots hunting
  1. Patricio dos Santos

    Spamd service wont start

    Patricio dos Santos, Jun 23, 2017 at 10:49 AM, in forum: E-mail Discussions
    Replies:
    5
    Views:
    51
    Patricio dos Santos
    Jun 23, 2017 at 1:06 PM
  2. keat63

    Create a SpamAssassin Score?

    keat63, Jun 22, 2017 at 8:28 AM, in forum: E-mail Discussions
    Replies:
    2
    Views:
    41
    keat63
    Jun 22, 2017 at 10:01 AM
  3. AndyGamming

    Emails to Spam

    AndyGamming, Jun 20, 2017 at 8:01 AM, in forum: E-mail Discussions
    Replies:
    1
    Views:
    33
    cPanelMichael
    Jun 20, 2017 at 9:35 AM
  4. Lorenc Doda

    E-mails goes to spam

    Lorenc Doda, Jun 19, 2017 at 2:10 AM, in forum: E-mail Discussions
    Replies:
    19
    Views:
    136
    cPanelMichael
    Jun 23, 2017 at 10:16 AM
  5. nisamudeen97

    Spamassasin filter foreign language emails

    nisamudeen97, Jun 15, 2017, in forum: E-mail Discussions
    Replies:
    9
    Views:
    117
    keat63
    Jun 22, 2017 at 8:35 AM

Share This Page