Strange Report from LFD

isputra

isputra

Well-Known Member
May 3, 2003
574
0
166
Mbelitar
Hi,

I just received report from LFD like below :

--------------------------------------
On Sat Feb 17 19:45:20 2007, the Login Failure Daemon detected 207.58.149.229 (transfer.cpanel11.com) generating 9 (mod_security) login failures within the last 230 seconds and was blocked.

Log entries:

[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adserver/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adserver/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adserver/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/phpAdsNew/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/phpAdsNew/adxmlrpc.php"]
[Sat Feb 17 19:45:16 2007] [error] [client 207.58.149.229] mod_security: Access denied with code 406. Pattern match "adxmlrpc.php" at REQUEST_URI [uri "/adxmlrpc.php"]
---------------------------------

Yes, its from cpanel or maybe from cpanel because the domain looks like from cpanel. Is it true the ip and domain from cpanel ?
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J Strange programs running server Security 2
R Security advisor strange results Security 20
R Strange Virus in Cpanel Security 6
B Strange status in Apache status Security 5
R strange requests Security 3
Similar threads
Strange programs running server
Security advisor strange results
Strange Virus in Cpanel
Strange status in Apache status
strange requests
Top Bottom