[Dshield] scans for certain PHP files

Rick Leir rdshield at leirtech.com
Thu May 8 12:36:36 GMT 2008


> I have noticed a recent surge in scans for certain PHP files in our web
> server logs. The one that concerns me most is the scan for '*xmlrpc.php'
> and 'send_reminders.php'. I do not see any posted current exploits against
> either of these packages.

Recently Wordpress had a vuln for xmlrpc.php
CVE ID : CVE-2008-0664

Last year I suggested a dshield like system for web server logs.

Maybe I should be using fail2ban.org or similar. Has anyone tried fail2ban?
cheers -- Rick


More information about the list mailing list