Why are xmlrpc.php entries still in other_vhosts_access.log?
I use ufw and fail2ban, and I’ve come across some behavior I don’t understand, and this leads me to think that something’s not configured correctly. I noticed a ton of POSTs from two IP addresses over and over again that I cannot identify. What’s weird, though, is even if I add them to ufw, they still show in othervhostsaccess.log. These addresses and attempts do not show in access.log, however.
Just to be clear, I added them using “insert” so that the deny statements are above the allow statements for ports 80 and 443. I even tried resetting the rules and starting over.