Dear abuse-team,
we have detected exploit-runs/scans from 108.61.123.13 against our server(s).
Please take care.
Cause of complaint: Sending porno-spam via pre-uploaded malware-scripts -- many IPs involved with SINGLE POST-requests
Extract from webserver-access.log (from today and yesterday only):
The timestamp is in UTC 00:00 .
[Format: source-ip(=your ip) - - [utc-timestamp rfc-3339] "http-cmd" webserver-response-code transferred-bytes destination-ip]
---
108.61.123.13 - - [2015-03-10 10:46:12 00:00] "POST /wp-content/plugins/js_composer/composer/lib/params/sorted_list/.start86.php HTTP/1.0" 200 76 178.77.86.250
---
The recipient address of this report was provided
by the Abuse Contact Database of abusix.org. If you
have any question or think the recipient address
might be wrong, contact abusix.org directly via
email ([email protected]). Further information about
the Abuse Contact Database can be found here:
http://abusix.org/services/abuse-contact-db
abusix.org is neither responsible nor liable for
the content or accuracy of this message.
Best regards,
Thomas Schuering
Hosteurope Abuse ([email protected])
--
Host Europe GmbH - http://www.hosteurope.de
Welserstrasse 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: 49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Koeln - USt-IdNr.: DE187370678
Geschaeftsfuehrer: Patrick Pulvermüller
(*) 0,14 EUR/Min. aus dem dt. Festnetz; maximal 0,42 EUR/Min. aus den dt. Mobilfunknetzen
发表于 2015-3-11 01:39:05
发表于 2015-3-11 02:09:39
楼主