[CentOS] slammed

Thu Oct 2 16:14:43 UTC 2014
David Both <dboth at millennium-technology.com>

I use Fail2Ban, which is available from the EPEL repo, to ban these addresses.
Works well for SSH attacks by script kiddies as well. I usually block an address
for 8 hours.




On 10/02/2014 10:29 AM, Mike Burger wrote:
> On 2014-10-02 10:23 am, Jerry Geis wrote:
>> I just got SLAMMED with accesses to httpd from
>> 91.230.121.156
>>
>> I added the address to my firewall to drop it.
>> FYI
>>
>> host 91.230.121.156
>> 156.121.230.91.in-addr.arpa domain name pointer
>> no-rdns.offshorededicated.net.
>
> Are you running WordPress?
>
> My company's WordPress installation was getting hammered by an IP in the same
> netblock, yesterday...look in your httpd logs for repeated POST operations to
> xmlrpc.php.
>
>
> -- 
>
>
> *********************************************************
> David P. Both, RHCE
> Millennium Technology Consulting LLC
> Raleigh, NC, USA
> 919-389-8678
>
> dboth at millennium-technology.com
>
> www.millennium-technology.com
> www.databook.bz - Home of the DataBook for Linux
> DataBook is a Registered Trademark of David Both
> *********************************************************
> This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
>
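
Added example, not part of the original thread: one way to run the check suggested above, scanning an httpd access log for repeated POSTs to xmlrpc.php and flagging source addresses that cross a threshold inside a time window. The parameter names `maxretry` and `findtime` mirror Fail2Ban's options; their values, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: ip ident user [time] "METHOD path proto"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)

def xmlrpc_offenders(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time the threshold was first crossed} for clients that sent
    at least `maxretry` POSTs to xmlrpc.php within `findtime` (assumed values)."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # unparsable line or not a POST
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop hits older than the window
        if len(window) >= maxretry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

def build_sample():
    """Constructed log lines using documentation-range IPs, not real traffic."""
    fmt = '{ip} - - [02/Oct/2014:{t} +0000] "{req} HTTP/1.1" 200 370'
    # Burst: six POSTs two seconds apart.
    lines = [fmt.format(ip="203.0.113.10", t="14:00:%02d" % (2 * i),
                        req="POST /xmlrpc.php") for i in range(6)]
    # Slow client: five POSTs five minutes apart, never five within the window.
    lines += [fmt.format(ip="198.51.100.9", t="14:%02d:00" % (5 * i),
                         req="POST /xmlrpc.php") for i in range(5)]
    # Ordinary visitor: one GET and a single POST.
    lines.append(fmt.format(ip="198.51.100.7", t="14:01:00", req="GET /"))
    lines.append(fmt.format(ip="198.51.100.7", t="14:01:05",
                            req="POST /xmlrpc.php"))
    return lines

if __name__ == "__main__":
    for ip, when in xmlrpc_offenders(build_sample()).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

To run it against a real log, pass an open file object (for example the httpd access log) as `lines` instead of the constructed sample.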