I use Fail2Ban which is available from the EPEL repo to ban these addresses.
Works well for SSH attacks by skriptkiddies as well. I usually block an address
for 8 hours.
On 10/02/2014 10:29 AM, Mike Burger wrote:
On 2014-10-02 10:23 am, Jerry Geis wrote:
I just got SLAMMED with accessed to httpd from
91.230.121.156
I added the address to my firewall to drop it.
FYI
host 91.230.121.156
156.121.230.91.in-addr.arpa domain name pointer
no-rdns.offshorededicated.net.
Are you running Wordpress?
My company's Wordpress installation was getting hammered by an IP in the same
netblock, yesterday...look in your httpd logs for repeated POST operations to
xmlrpc.php.
--
*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678
dboth@xxxxxxxxxxxxxxxxxxxxxxxxx
www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
