We have noticed over the last few days what seems to be a vulnerability scan coming from a private network on our server. 10.16.0.5
We do not have Private Networking enabled.
Fortunately, the vulnerability seems to be for Wordpress Revoslider, which we do not use on this server.
They also seem to have found our admin folder which we have renamed to something obscure.
If someone could advise how they have (a) managed to find our admin folder name and (b) how they can be accessing our site from a DO Private Network IP
Thanks in anticipation.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi, first of all i would check if its your private ip. (they were assigned automatically, whether private networking is enabled or disabled)
ip a
If it´s not YOUR private IP address i would suggest you to block this IP via iptables and contact digitalocean via Support-System.
iptables -i eth0 -A INPUT -s 10.16.0.5/32 -j DROP
Regards,
Many thanks for your answer. It does appear to be our IP address.
This leads me to ask, how then could it appear in the web logs of our software, appearing to request a vulnerability ?
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.