replaced http://serverfault.com/ with https://serverfault.com/

It is an automated scan for vulnerable software. If you connect just anything to the internet, you will be getting requests like these before you can say "information security".

The first one checks if you are an open proxy, e.g. if you allow anyone to use you as a proxy server. Finding these is useful when you are running automated attacks because it means that the attacks can be relayed by them. It would not surprise me if the IP numbers in your logs are from servers with this kind of vulnerability.

The second one tests if you are running WordPress and have the XML-RPC interface on. That can be used to do brute force attacks on the admin password.

It is important to understand that these are not actual exploits, but scans to detect vulnerabilities that can be exploited in the next step. Since you returned 404 in both cases - thereby indicating that you are not a proxy, and not running WordPress - the result was negative for the attacker. They probably moved on, and I would not be very worried if I were you.

Anders
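
One way to triage log entries like these, as an added example that is not part of the original answer: it flags the two probe types described above in access-log lines and records whether the server answered 404. The log lines are constructed, and the function names, the combined log format and the "review" label for non-404 responses are assumptions.

```python
import re
from urllib.parse import urlsplit

# Common/combined access-log prefix: ip, timestamp, request line, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(method, target):
    """Name the probe type discussed in the answer, or None."""
    # An absolute-form target or CONNECT is what a client sends to a proxy.
    if method == "CONNECT" or target.lower().startswith(("http://", "https://")):
        return "open-proxy probe"
    if urlsplit(target).path.lower().endswith("/xmlrpc.php"):
        return "wordpress xml-rpc probe"
    return None

def triage(lines):
    """Return (ip, probe, status, verdict) for each recognised probe line."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        probe = classify(m["method"], m["target"])
        if probe is None:
            continue
        status = int(m["status"])
        # 404 is the outcome the answer describes; anything else deserves a look
        # (assumed label, e.g. a 200 on xmlrpc.php means the endpoint exists).
        verdict = "negative for scanner" if status == 404 else "review"
        findings.append((m["ip"], probe, status, verdict))
    return findings

# Constructed sample lines (documentation IP ranges, made-up sizes and times).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2016:13:55:36 +0000] "GET http://example.com/ HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.23 - - [10/Oct/2016:13:56:01 +0000] "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "-"',
    '192.0.2.44 - - [10/Oct/2016:13:57:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.99 - - [10/Oct/2016:13:58:40 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```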