My server is serving multiple domains. Some of these clients have Wordpress installed and therefor I have enabled the "Scan for WordPress attacks" option for all domains. This works great, no problems there.
When I check the Brute Force Monitor options in the controlpanel I can see lines like this:
These xmlrpc attacks use a high load on the server and if the client is not using xmlrpc then I would like to discuss disabling it. The only problem is, which domain is being attacked? The log doesn't report the domain name or username of the client who got attacked.
When I check the Brute Force Monitor options in the controlpanel I can see lines like this:
Code:
94.231.107.206 - - [14/Apr/2016:09:13:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 106821 "-" "-"
These xmlrpc attacks use a high load on the server and if the client is not using xmlrpc then I would like to discuss disabling it. The only problem is, which domain is being attacked? The log doesn't report the domain name or username of the client who got attacked.