how to stop server doing bruteforce xml-rpc?

Share your past and present experiences with Dedicated Servers. Discuss topics such as server solutions, running your servers, your preferences and your thoughts on Windows and Linux servers.
Post Reply
hughes
Newbie
Posts: 2
Joined: Thu Apr 05, 2018 2:38 pm

Mon Dec 10, 2018 4:23 pm

Hello,

I just received abuse email from the data center that my server is doing xml-rpc bruteforce, I use this server for shared hosting.
please help to check which account is doing bruteforce and how to stop this bruteforce attack.

thanks


User avatar
geniusmojo
Newbie
Posts: 3
Joined: Mon Dec 10, 2018 10:23 pm

Mon Dec 10, 2018 10:33 pm

Try checking outbound connection using netstat

Code: Select all

# netstat -nputw

looking for IP destination there, there is a PID too.

can also use tcpdump when the attack is running, or check running suspicious programs.
Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 0 guests