Strange status in Apache status

[Benjade77]

Hi,

I have a strange status in my Apache Status:

0-3

43083

0/60/557

_

21.47

402

0

292342

0.0

2.38

19.60

176.57.220.137

http/1.1

1-3

43396

0/149/321

_

34.58

402

1

232453

0.0

4.80

11.85

176.57.220.137

http/1.1

host.domain.tld:80

Akitaskid.arm7;rm+-rf+Akitaskid.arm7 Zyxel.arm7%3b%23&remoteSub

The IP seems to be based in Russia and as I know the Russians are very good at hacking (USA vote) so I am wondering.

Can someone tell me more?

Thank you very much.

 

[cPRex]

Hey there! With "rm -rf" present in the status, it looks like this IP address could be attempting malicious traffic. If this were my system I would likely block that IP address.

If you know you should not be seeing any traffic from a certain country, you could use a country-code block in a tool like CSF to block the entire country at the firewall level.

 

[Benjade77]

This is what is weird because I blocked russia in cPhulk but it still seems to pass. It's dangerous or not ?

 

[cPRex]

No country code range is ever perfect, so it's possible that didn't get identified as coming from the listed country. While the commands that person is trying would not run with that type of connection, that IP is clearly looking for vulnerabilities.

 

[Benjade77]

ok, I will block the ip ^^ Thank you

 

[cPRex]

You're welcome!