Friday, April 06, 2007

Another php attack - XMLRPC.PHP etc.

If you are running php and using any of the files below beware - there is probably some sort of hack in them. This attack comes from 61.62.83.165

Surprise, surprise - Taiwan.

inetnum: 61.62.0.0 - 61.62.255.255netname: SONET-NETcountry: TW

Taiwan is a big hacker source. If you're not doing business there you may want to consider blocking out IPs from this country. If you're not getting any money from Taiwan the only thing you will get is a bunch of problems.

269083 BLOCKED 5dmervkrad0bs Thu Apr 05 00:29:54 PDT 2007 61.62.83.165 /phpgroupware/xmlrpc.php /phpgroupware/xmlrpc.php 83 7 1 4/5/2007 12:29:54 AM 5 4 4/5/2007 12:29:54 AM
269082 BLOCKED 1gpe1xqetqxi1 Thu Apr 05 00:29:54 PDT 2007 61.62.83.165 /phpgroupware/xmlrpc.php /phpgroupware/xmlrpc.php 83 7 1 4/5/2007 12:29:54 AM 5 4 4/5/2007 12:29:54 AM
269081 BLOCKED 4famei5pnqlkj Thu Apr 05 00:29:53 PDT 2007 61.62.83.165 /wordpress/xmlrpc.php /wordpress/xmlrpc.php 83 7 1 4/5/2007 12:29:54 AM 5 4 4/5/2007 12:29:54 AM
269080 BLOCKED 48978s37c7mpo Thu Apr 05 00:29:53 PDT 2007 61.62.83.165 /wordpress/xmlrpc.php /wordpress/xmlrpc.php 83 7 1 4/5/2007 12:29:54 AM 5 4 4/5/2007 12:29:54 AM
269079 BLOCKED 9ur4s0tv5oqc Thu Apr 05 00:29:53 PDT 2007 61.62.83.165 /b2evo/xmlsrv/xmlrpc.php /b2evo/xmlsrv/xmlrpc.php 83 7 1 4/5/2007 12:29:53 AM 5 4 4/5/2007 12:29:53 AM
269078 BLOCKED 2rkqne24ojvle Thu Apr 05 00:29:53 PDT 2007 61.62.83.165 /b2evo/xmlsrv/xmlrpc.php /b2evo/xmlsrv/xmlrpc.php 83 7 1 4/5/2007 12:29:53 AM 5 4 4/5/2007 12:29:53 AM
269077 BLOCKED vt6xth4n6s0r Thu Apr 05 00:29:52 PDT 2007 61.62.83.165 /b2/xmlsrv/xmlrpc.php /b2/xmlsrv/xmlrpc.php 83 7 1 4/5/2007 12:29:53 AM 5 4 4/5/2007 12:29:53 AM
269076 BLOCKED qiox5oyth034 Thu Apr 05 00:29:52 PDT 2007 61.62.83.165 /b2/xmlsrv/xmlrpc.php /b2/xmlsrv/xmlrpc.php 83 7 1 4/5/2007 12:29:53 AM 5 4 4/5/2007 12:29:53 AM
269075 BLOCKED e7ecb4966qpr7 Thu Apr 05 00:29:52 PDT 2007 61.62.83.165 /blogtest/xmlsrv/xmlrpc.php /blogtest/xmlsrv/xmlrpc.php 83 7 1 4/5/2007 12:29:52 AM 5 4 4/5/2007 12:29:52 AM
269074 BLOCKED 12ncmocu7lv5a Thu Apr 05 00:29:52 PDT 2007 61.62.83.165 /blogtest/xmlsrv/xmlrpc.php