Meu site está sendo invadido (Bluehost)?

Question

Meu site está sendo invadido (Bluehost)?

1

Estou executando um site simples fora do Bluehost, e eu precisava usar scripts Python personalizados, então criei uma pasta cgi-bin no diretório do meu site e adicionei meus arquivos python cgi lá. Toda vez que tentei usar uma solicitação AJAX para usar os scripts cgi, no entanto, o servidor continuava retornando um erro 500.

Isso é o que o log de erros principal mostra:

[Sun Nov 30 15:49:15 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "anewroundtable.com"] [uri "/wp-login.php/"] [unique_id "VHue6zJX@FcAADAOSWgAAACA"]
[Sun Nov 30 15:49:16 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "anewroundtable.com"] [uri "/wp-login.php/"] [unique_id "VHue7DJX@FcAADAOSWsAAACD"]
[Sun Nov 30 15:49:16 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "sunnymedias.com"] [uri "/wp-login.php/"] [unique_id "VHue6zJX@FcAADAOSWoAAACC"]
[Sun Nov 30 15:49:16 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "anewroundtable.com"] [uri "/wp-login.php/"] [unique_id "VHue7DJX@FcAAC34XhwAAAHN"]
[Sun Nov 30 15:49:16 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "sunnymedias.com"] [uri "/wp-login.php/"] [unique_id "VHue7DJX@FcAADAOSW0AAACF"]
[Sun Nov 30 15:49:17 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "anewroundtable.com"] [uri "/wp-login.php/"] [unique_id "VHue7TJX@FcAAC34Xh8AAAHK"]
[Sun Nov 30 15:49:17 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "sunnymedias.com"] [uri "/wp-login.php/"] [unique_id "VHue7TJX@FcAADAOSW8AAACH"]
[Sun Nov 30 15:49:17 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "anewroundtable.com"] [uri "/wp-login.php/"] [unique_id "VHue7TJX@FcAADAOSXEAAACJ"]
[Sun Nov 30 15:49:17 2014] [error] [client 91.121.209.34] ModSecurity: Access denied with code 406 (phase 1). Pattern match "Mozilla\\/5\\.0 \\(Windows; U; Windows NT 5\\.1; ru; rv:1\\.9\\.0\\.2\\) Gecko\\/2008091620 Firefox\\/3\\.0\\.2" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/eig_rules.conf"] [line "58"] [id "900228"] [msg "Wordpress Brute Force :: Firefox 8"] [hostname "sunnymedias.com"] [uri "/wp-login.php/"] [unique_id "VHue7TJX@FcAAC34XiEAAAHI"]

Com base nesse log de erros, posso supor que meu site está sendo invadido por força bruta? Isso está aparecendo quando meu site não está funcionando. Eu removi o site do diretório de arquivos devido ao medo de hackers, mas isso ainda está aparecendo. O que exatamente está acontecendo aqui? Meu site está sendo invadido? Esses mesmos logs continuam aparecendo a cada segundo, a propósito. Os nomes de host mudam, no entanto.

Qualquer ajuda é muito apreciada.

python hacking cgi website

por Vishwa Iyer 30.11.2014 / 23:51

0 respostas

Tags python hacking cgi website

Analisar diferentes lastlog [s] loop de redirecionamento nginx com proxy_pass e $ http + CloudFlare