๐ซ๐ฎ
YF
2026-07-17 20:00:55
(6 hours ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐ช๐ธ
masterguru
2026-07-17 15:42:58
(10 hours ago)
(xmlrpc) Failed xmlrpc access from 217.195.153.81 (NL/The Netherlands/nl1.shockvpn.net): 5 in the la ...
show more
(xmlrpc) Failed xmlrpc access from 217.195.153.81 (NL/The Netherlands/nl1.shockvpn.net): 5 in the last 3600 secs (0-122)
show less
Hacking
๐ฆ๐บ
QT
2026-07-17 01:06:50
(1 day ago)
Unauthorised WordPress admin login attempted at 2026-07-17 11:06:49 +1000
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:54:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the las ...
show more
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:54:51.457457 2026] [security2:error] [pid 15909:tid 15909] [client 217.195.153.81:57665] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.195.153.81 (+1 hits since last alert)|deborahbein.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "deborahbein.com"] [uri "/xmlrpc.php"] [unique_id "allFG1uszJfCJpYT5yJG9wAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
4server
2026-07-16 19:42:51
(1 day ago)
[ThuJul1621:42:48.9790172026][security2:error][pid1072752:tid1072777][client217.195.153.81:0]ModSecu ...
show more
[ThuJul1621:42:48.9790172026][security2:error][pid1072752:tid1072777][client217.195.153.81:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"manishimwe.ch\"][uri\"/xmlrpc.php\"][unique_id\"alk0OBaQ-s3CQPOnjXKAxQAAAIw\"]
show less
Hacking
Web App Attack
๐ฉ๐ช
LRob
2026-07-16 16:17:54
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https:// ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https://wordpress.com
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 22:54:53
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the las ...
show more
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 18:54:48.272183 2026] [security2:error] [pid 8787:tid 8787] [client 217.195.153.81:58635] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.195.153.81 (+1 hits since last alert)|globalsolutions.technology|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "globalsolutions.technology"] [uri "/xmlrpc.php"] [unique_id "ala-OJdJMOhb-AvaWAqxIQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Petros Stefanakis
2026-07-14 21:59:26
(3 days ago)
(wordpress) Failed wordpress login from 217.195.153.81 (nl1.shockvpn.net)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-14 20:57:06
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the las ...
show more
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 16:57:03.028414 2026] [security2:error] [pid 29638:tid 29638] [client 217.195.153.81:52556] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.195.153.81 (+1 hits since last alert)|jimrichardart.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jimrichardart.com"] [uri "/xmlrpc.php"] [unique_id "alain9AaP2lXmEmF6MpuMQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-14 20:55:07
(3 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-14 19:01:44
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the las ...
show more
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 15:01:38.267112 2026] [security2:error] [pid 9036:tid 9036] [client 217.195.153.81:51297] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.195.153.81 (+1 hits since last alert)|loneoakhoney.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "loneoakhoney.com"] [uri "/xmlrpc.php"] [unique_id "alaHkl-MyuQ7WeAumpNNzwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
madeit
2026-07-14 17:41:47
(3 days ago)
Web App Attack
๐ฌ๐ง
Apache
2026-07-14 16:21:33
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 5 in the las ...
show more
(mod_security) mod_security (id:240335) triggered by 217.195.153.81 (nl1.shockvpn.net): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-07-13 23:10:29
(4 days ago)
7.598 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐ฉ๐ช
Sรฉfora Srl
2026-07-13 22:03:08
(4 days ago)
Failed attempt detected by Fail2Ban in plesk-modsecurity jail
Web App Attack