Web Hosting Forum - Explore the Latest in Web Hosting Discussions

We are a community of individuals and businesses passionate about web hosting. Let's build, learn, and grow together.

how to stop server doing bruteforce xml-rpc?

hughes

Newbie
Registered
Hello,

I just received abuse email from the data center that my server is doing xml-rpc bruteforce, I use this server for shared hosting.
please help to check which account is doing bruteforce and how to stop this bruteforce attack.

thanks
 
  • Advertisement
  • Try checking outbound connection using netstat
    Code:
    # netstat -nputw

    looking for IP destination there, there is a PID too.

    can also use tcpdump when the attack is running, or check running suspicious programs.
     

    Advertisement

    Back
    Top