how to stop server doing bruteforce xml-rpc?

Welcome to our community

Be apart of something great, join today!

hughes

Newbie
Messages
3
Reaction score
0
Points
1
Hello,

I just received abuse email from the data center that my server is doing xml-rpc bruteforce, I use this server for shared hosting.
please help to check which account is doing bruteforce and how to stop this bruteforce attack.

thanks
 
  • Advertisement
  • geniusmojo 

    Premium Member
    Messages
    26
    Reaction score
    1
    Points
    3
    Try checking outbound connection using netstat
    Code:
    # netstat -nputw

    looking for IP destination there, there is a PID too.

    can also use tcpdump when the attack is running, or check running suspicious programs.
     

    Advertisement

    Top