A PHP Developer's Blog - Joakim Nygård

About jokke.dk

jokke.dk is the personal website of , a software architect, entrepeneur and Mac user living in Copenhagen, Denmark.

Search the Site

Recent Posts

Popular Posts

Looking for a way in

22nd February, 2006

Having set up a dns entry for my iBook at home brings many pleasures, one of which is the interesting entries in my Apache access_log. The following list of unsuccessful requests reveals not only that someone (namely 216.85.221.2) is attempting to find a way in but also what that person is trying:

216.85.221.2 - "POST /xmlrpc.php HTTP/1.1" 404 208
216.85.221.2 - "POST /blog/xmlrpc.php HTTP/1.1" 404 213
216.85.221.2 - "POST /blog/xmlsrv/xmlrpc.php HTTP/1.1" 404 220
216.85.221.2 - "POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 221
216.85.221.2 - "POST /drupal/xmlrpc.php HTTP/1.1" 404 215
216.85.221.2 - "POST /phpgroupware/xmlrpc.php HTTP/1.1" 404 221
216.85.221.2 - "POST /wordpress/xmlrpc.php HTTP/1.1" 404 218
216.85.221.2 - "POST /xmlrpc.php HTTP/1.1" 404 208
216.85.221.2 - "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 215
216.85.221.2 - "POST /xmlsrv/xmlrpc.php HTTP/1.1" 404 215

As you can see, none of the above attempts were fruitful.
I did a nslookup on 216.85.221.2 and got tech1.spam.wcbradley.com, not the kind of company whose employees you'd expect to come knocking on your mod_access directive...
Also notice that every request is a POST looking for ways to exploit poor parameter validation. Sigh.

« MacOS X Trojan  –  Outage + Update »