[Dshield] scans for certain PHP files
rdshield at leirtech.com
Thu May 8 12:36:36 GMT 2008
> I have noticed a recent surge in scans for certain PHP files in our web
> server logs. The one that concerns me most is the scan for '*xmlrpc.php'
> and 'send_reminders.php'. I do not see any posted current exploits against
> either of these packages.
Recently Wordpress had a vuln for xmlrpc.php
CVE ID : CVE-2008-0664
Last year I suggested a dshield like system for web server logs.
Maybe I should be using fail2ban.org or similar. Has anyone tried fail2ban?
cheers -- Rick
More information about the list