Hi
I just got an e-mail from Strato saying that my server has been hacked:
Quote
We hereby inform you that your server (81.169.173.176) with the hostname h2323416.stratoserver.net is being misused for hacking attacks. We were made aware of this by third parties whose systems have been attacked.
Further notes follow, among other things that I should reinstall the server and that backups may already be infected....
Then comes something like this:
Quote
/furanet/sites/sa.ninosdelcamino.org/web/htdocs/logs/access:81.169.173.176 - - [13/Jul/2015:06:50:17 +0200] "POST /wp-login.php HTTP/1.1" 200 3894 "-" "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
/furanet/sites/sa.ninosdelcamino.org/web/htdocs/logs/access:81.169.173.176 - - [13/Jul/2015:06:50:25 +0200] "POST /wp-login.php HTTP/1.1" 200 3892 "-" "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
...
[Sat Jul 11 19:15:54.098266 2015] [:error] [pid 152761] [client 81.169.173.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file "/usr/local/apache/conf/modsec_vendor_configs/comodo_apache/09_Bruteforce_Bruteforce.conf"] [line "14"] [id "230000"] [msg "COMODO WAF: Brute Force Attack Identified from 81.169.173.176 (1 hits since last alert)"] [hostname "accolades4u.co.za"] [uri "/wp-login.php"] [unique_id "VaFPSoHoolIAAlS57KgAAABQ"]
[Sat Jul 11 19:17:00.198403 2015] [:error] [pid 152467] [client 81.169.173.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file "/usr/local/apache/conf/modsec_vendor_configs/comodo_apache/09_Bruteforce_Bruteforce.conf"] [line "14"] [id "230000"] [msg "COMODO WAF: Brute Force Attack Identified from 81.169.173.176 (75 hits since last alert)"] [hostname "kitchencupboardscapetown.co.za"] [uri "/wp-login.php"] [unique_id "VaFPjIHoolIAAlOTCNMAAAAN"]
[Sat Jul 11 19:18:16.171042 2015] [:error] [pid 153362] [client 81.169.173.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file "/usr/local/apache/conf/modsec_vendor_configs/comodo_apache/09_Bruteforce_Bruteforce.conf"] [line "14"] [id "230000"] [msg "COMODO WAF: Brute Force Attack Identified from 81.169.173.176 (69 hits since last alert)"] [hostname "accolades4u.co.za"] [uri "/wp-login.php"] [unique_id "VaFP2IHoolIAAlcSkX4AAAAA"]
Is anyone around who can lend me a hand and help me fix this???