Possible Malicious Linode

I got the following in my Apache logs this morning. I'm no expert, but it looks to me like a probe for "Web Services-Management" modules on one of my servers. I do not use any such application (note the 404 status codes). These are the only requests from this IP; there are no legitimate requests. I don't recognize the IP and it's not one of mine, but reverse DNS and WHOIS show it belonging to Linode. I consider probes like this to be an attack, so I'm banning it on my end via iptables to keep my servers safe. Still, I thought I'd better report it somewhere so someone higher up can investigate.

IP: 173.255.206.206

PTR: li216-206.members.linode.com

173.255.206.206 - - [01/Nov/2012:16:36:55 -0400] "GET /wsman HTTP/1.1" 301 360 "-" "curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
173.255.206.206 - - [01/Nov/2012:16:37:00 -0400] "GET /wsman HTTP/1.1" 404 13360 "-" "curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
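
The check described in the post (a client that asks for `/wsman` and never gets a successful response for anything), run over Apache combined-format lines. This is an added example, not part of the original post; the function name, the watched-path list and the two contrast clients (documentation addresses 203.0.113.7 and 198.51.100.9) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths this site does not serve. /wsman is the one from the post (assumed list).
WATCHED_PATHS = ("/wsman",)

# The first two lines are the ones quoted in the post; the remaining three are
# constructed sample traffic added for contrast.
SAMPLE_LOG = """\
173.255.206.206 - - [01/Nov/2012:16:36:55 -0400] "GET /wsman HTTP/1.1" 301 360 "-" "curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
173.255.206.206 - - [01/Nov/2012:16:37:00 -0400] "GET /wsman HTTP/1.1" 404 13360 "-" "curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
203.0.113.7 - - [01/Nov/2012:16:40:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2012:16:40:05 -0400] "GET /wsman?x=1 HTTP/1.1" 404 13360 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Nov/2012:16:41:10 -0400] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""


def find_probe_only_clients(lines, watched=WATCHED_PATHS):
    """Return {ip: [(path, status), ...]} for clients that requested a watched
    path and never received a 2xx response for any request."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip malformed or non-combined lines
        path = m["path"].split("?", 1)[0]  # ignore the query string
        seen[m["ip"]].append((path, int(m["status"])))

    flagged = {}
    for ip, reqs in seen.items():
        hit_watched = any(
            p == w or p.startswith(w + "/") for p, _ in reqs for w in watched
        )
        any_success = any(200 <= s < 300 for _, s in reqs)
        if hit_watched and not any_success:
            flagged[ip] = reqs
    return flagged


if __name__ == "__main__":
    for ip, reqs in find_probe_only_clients(SAMPLE_LOG.splitlines()).items():
        print(ip, reqs)
```

The output is a list of review candidates for a block rule or an abuse report; the matching request lines are the evidence to attach.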

1 Reply

Abuse reports should be shipped to [email protected] with as much info/logs as possible.

  • Les
