Possible vulnerability scan spotted in web analytics

Question

We have noticed over the last few days what seems to be a vulnerability scan coming from a private network on our server. 10.16.0.5

We do not have Private Networking enabled.

Fortunately, the vulnerability seems to be for Wordpress Revoslider, which we do not use on this server.

They also seem to have found our admin folder which we have renamed to something obscure.

If someone could advise how they have (a) managed to find our admin folder name and (b) how they can be accessing our site from a DO Private Network IP

Thanks in anticipation.

Answer 1

H4DES August 7, 2016

Hi,
first of all i would check if its your private ip. (they were assigned automatically, whether private networking is enabled or disabled)

ip a

If it´s not YOUR private IP address i would suggest you to block this IP via iptables and contact digitalocean via Support-System.

iptables -i eth0 -A INPUT -s 10.16.0.5/32 -j DROP

Regards,

Reply Report

Answer 2

uksbrara August 7, 2016

Many thanks for your answer. It does appear to be our IP address.

This leads me to ask, how then could it appear in the web logs of our software, appearing to request a vulnerability ?

Reply Report

Related

Question

Possible vulnerability scan spotted in web analytics

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Possible vulnerability scan spotted in web analytics

Related

Leave a comment

Related

question

All of my sites on DigitalOcean hacked.

question

how to downgrade phpt5 version to old version ?

question

My droplet is disabled an unusual large amount of traffic

question

Install and configure GRAV CMS with plugins

Looking for something else?