05-09-2006
Ignoramus19605

Hacker detection module?

Some entries in my log file show hackers looking for PHP
vulnerabilities:

216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /ads/adxmlrpc.php HTTP/1.0" 404 294 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /xmlrpc.php HTTP/1.0" 404 288 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /xmlrpc/xmlrpc.php HTTP/1.0" 404 295 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /xmlsrv/xmlrpc.php HTTP/1.0" 404 295 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /blog/xmlrpc.php HTTP/1.0" 404 293 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:49 -0500] "GET /drupal/xmlrpc.php HTTP/1.0" 404 295 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:49 -0500] "GET /community/xmlrpc.php HTTP/1.0" 404 298 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:49 -0500] "GET /blogs/xmlrpc.php HTTP/1.0" 404 294 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:49 -0500] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.0" 404 301 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:49 -0500] "GET /blog/xmlsrv/xmlrpc.php HTTP/1.0" 404 300 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:50 -0500] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.0" 404 304 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:50 -0500] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.0" 404 298 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:50 -0500] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.0" 404 301 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:50 -0500] "GET /wordpress/xmlrpc.php HTTP/1.0" 404 298 "-" "-"
216.206.179.136 - - [09/May/2006:11:17:50 -0500] "GET /phpgroupware/xmlrpc.php HTTP/1.0" 404 301 "-" "-"


Is there some way (a module perhaps) to quickly detect such hack attacks and block the IP?

i
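
An added example, not part of the original post: one way to detect the pattern in the log above is to flag any client that draws 404s on many distinct paths within a few seconds. The threshold, the window, the function names and the two 192.0.2.10 lines are assumptions made for illustration; the other sample lines are copied from the post, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, path, status), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, threshold=5, window=timedelta(seconds=10)):
    """Map each IP that hit >= threshold distinct missing paths inside
    the sliding window to the largest distinct-path count observed."""
    recent = defaultdict(list)  # ip -> [(time, path)] of 404s still in window
    flagged = {}
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if status != 404:
            continue
        # Drop 404s that have aged out of the window, then record this one.
        hits = [(t, p) for t, p in recent[ip] if ts - t <= window]
        hits.append((ts, path))
        recent[ip] = hits
        distinct = len({p for _, p in hits})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

SAMPLE = [
    # First six lines are from the post; the 192.0.2.10 lines are constructed.
    '216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /ads/adxmlrpc.php HTTP/1.0" 404 294 "-" "-"',
    '216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /xmlrpc.php HTTP/1.0" 404 288 "-" "-"',
    '216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /xmlrpc/xmlrpc.php HTTP/1.0" 404 295 "-" "-"',
    '216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /xmlsrv/xmlrpc.php HTTP/1.0" 404 295 "-" "-"',
    '216.206.179.136 - - [09/May/2006:11:17:48 -0500] "GET /blog/xmlrpc.php HTTP/1.0" 404 293 "-" "-"',
    '216.206.179.136 - - [09/May/2006:11:17:49 -0500] "GET /drupal/xmlrpc.php HTTP/1.0" 404 295 "-" "-"',
    '192.0.2.10 - - [09/May/2006:11:18:02 -0500] "GET /index.html HTTP/1.0" 200 5120 "-" "-"',
    '192.0.2.10 - - [09/May/2006:11:18:05 -0500] "GET /favicon.ico HTTP/1.0" 404 290 "-" "-"',
]

if __name__ == "__main__":
    for ip, count in find_scanners(SAMPLE).items():
        print(f"{ip}: {count} distinct 404 paths inside the window")
```

A single stray 404, such as the constructed favicon request, stays below the threshold; the returned addresses can then be handed to whatever deny list the server or firewall uses.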