Question
Abuse Report - Is my server being used in a botnet?
I gotten the following report from Digital Ocean in an abuse report. I got on before and did the following:
1) Changed my passwords.
2) Disabled several websites (wordpress!)
3) Scanned my box with clamav - found some stuff in wordpress site (it has been removed).
I'm not sure where to go from here but it looks like my box is still being abused. Any help?
Hi, We have detected a network attack from an IP ( 192.241.xxx.xxx ) from your network, a computer connected to it is probably infected and being part of a botnet. Please check it and fix it up as soon as possible. Thank you.
The IP 192.241.xxx.xxx has just been banned by Fail2Ban after
4 attempts against apache-attack.
Domain: dondevasconesoshierros.com (195.78.231.40)
Here are more information about 192.241.xxx.xxx:
Lines containing IP:192.241.xxx.xxx in /furanet/sites/*/web/htdocs/logs/access
/furanet/sites/dondevasconesoshierros.com/web/htdocs/logs/access:192.241.xxx.xxx - - [24/Feb/2014:03:54:06 +0100] "POST /wp-login.php HTTP/1.0" 200 1946 "-" "-" "-"
/furanet/sites/dondevasconesoshierros.com/web/htdocs/logs/access:192.241.xxx.xxx - - [24/Feb/2014:03:54:07 +0100] "POST /wp-login.php HTTP/1.0" 200 1946 "-" "-" "-"
/furanet/sites/dondevasconesoshierros.com/web/htdocs/logs/access:192.241.xxx.xxx - - [24/Feb/2014:03:54:07 +0100] "POST /wp-login.php HTTP/1.0" 200 1946 "-" "-" "-"
/furanet/sites/dondevasconesoshierros.com/web/htdocs/logs/access:192.241.xxx.xxx - - [24/Feb/2014:03:54:07 +0100] "POST /wp-login.php HTTP/1.0" 200 1946 "-" "-" "-"
/furanet/sites/dondevasconesoshierros.com/web/htdocs/logs/access:192.241.xxx.xxx - - [24/Feb/2014:03:54:08 +0100] "POST /wp-login.php HTTP/1.0" 200 1946 "-" "-" "-"
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×