[Dshield] scans for certain PHP files

Brenden Walker BKWalker at drbsystems.com
Fri May 9 13:32:53 GMT 2008


> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Rick Leir
> Sent: Thursday, May 08, 2008 8:37 AM
> To: list at lists.dshield.org
> Subject: Re: [Dshield] scans for certain PHP files
>
> > I have noticed a recent surge in scans for certain PHP files in our
> > web server logs. The one that concerns me most is the scan
> for '*xmlrpc.php'
> > and 'send_reminders.php'. I do not see any posted current exploits
> > against either of these packages.
>
> Recently Wordpress had a vuln for xmlrpc.php CVE ID : CVE-2008-0664
>
> Last year I suggested a dshield like system for web server logs.
>
> Maybe I should be using fail2ban.org or similar. Has anyone
> tried fail2ban?

I use fail2ban to ban ip's trying to brute my ftp and a few specific web based attacks.  Works well, I generally get 3 or 4 bans per day due to brute attacks against FTP.



More information about the list mailing list