Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spam-bots hunting for blogs. How to stop this?

Discussion in 'General Discussion' started by jols, Jan 26, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    Lately I've been seeing a ton of these in the apache access logs:

    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /file/forms/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 -
    70.85.51.20 - - [26/Jan/2006:02:26:43 -0600] "GET /html/xmlrpc.php HTTP/1.1" 404 -


    I take it that the "404" means that the target of the hunt was not found, but I am sure that this spiking bandwidth like crazy. I am wondering if there is a way to tweak, or add a new rule to the BFD package, or maybe PortSentry that would stop this after only a few seeks. Anyone?


    P.S. What the heck are these about:

    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:03 -0600] "-" 408 -
    210.196.127.184 - - [25/Jan/2006:23:25:03 -0600] "-" 408 -

    These entries sometimes goes on for miles...
     
    #1 jols, Jan 26, 2006
  2. dball

    dball Member

    Joined:
    Dec 19, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Alabama
    Code:
    P.S. What the heck are these about:

210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -
210.196.127.184 - - [25/Jan/2006:23:25:02 -0600] "-" 408 -

    408 is "Request Time-out"

    210.196.127.184 is apparently in Japan (JPNIC Address Space) and allocated to
    Network Information:
    a. [Network Number] 210.196.127.176/28
    b. [Network Name] YOKOHAMA-SSS
    g. [Organization] Yokohama Sogo Shasin Corporation​

    -- David
     
    #2 dball, Jan 26, 2006
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168

    Great. Thanks. That what the heck do you suppose that this is all about? DoS attack?
     
    #3 jols, Jan 26, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Spam bots hunting
  1. akust0m

    Disable SpamAssassin By Default

    akust0m, Jun 21, 2018 at 5:21 AM, in forum: E-mail Discussion
    Replies:
    3
    Views:
    38
    cPanelMichael
    Jun 21, 2018 at 11:22 AM
  2. charisma09

    Problems With Spam

    charisma09, Jun 16, 2018 at 10:01 PM, in forum: E-mail Discussion
    Replies:
    5
    Views:
    157
    cPanelLauren
    Jun 19, 2018 at 8:57 AM
  3. amjad.q

    Custom SpamAssassin- Multi Rules

    amjad.q, Jun 11, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    61
    cPanelLauren
    Jun 12, 2018
  4. knightmare

    my domain E-Mail go to gmail spam folder

    knightmare, Jun 7, 2018, in forum: E-mail Discussion
    Replies:
    6
    Views:
    111
    cPanelLauren
    Jun 11, 2018
  5. knightmare

    Mail going to spam

    knightmare, Jun 6, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    85
    cPanelLauren
    Jun 7, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice