I use Fail2Ban which is available from the EPEL repo to ban these addresses.
Works well for SSH attacks by skriptkiddies as well. I usually block an address
for 8 hours.
On 10/02/2014 10:29 AM, Mike Burger wrote:
On 2014-10-02 10:23 am, Jerry Geis wrote:
I just got SLAMMED with accessed to httpd from
91.230.121.156
I added the address to my firewall to drop it.
FYI
host 91.230.121.156
156.121.230.91.in-addr.arpa domain name pointer
no-rdns.offshorededicated.net.
Are you running Wordpress?
My company's Wordpress installation was getting hammered by an IP in the same
netblock, yesterday...look in your httpd logs for repeated POST operations to
xmlrpc.php.
--
*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678
db...@millennium-technology.com
www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not consent to
the retrieving or storing of this communication and any related metadata, as
well as printing, copying, re-transmitting, disseminating, or otherwise using
it. If you believe you have received this communication in error, please delete
it immediately.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos