1

I can't seem to squash this error. I recently installed OSSEC on a Digital Ocean droplet, and I'm getting this message every 15 minutes or so. I've tried blocking the client IP addresses with UFW, tried searching the server for this POST_ip_port.php file, no luck.

Received From: worksdev->/var/log/apache2/error.log 
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." 
Portion of the log(s): 

[Wed Jun 17 10:47:43.135294 2015] [:error] [pid 18370] [client 222.186.129.5:2636] script '/var/www/worksdev.com/public_html/POST_ip_port.php' not found or unable to stat, referer: http://123.249.24.233/POST_ip_port.phpAccept: */* 

This question is the only similar issue I've found after extensive Googling. Unlike my issue, the wp-chron.php file exists. I suspect the POST_ip_port.php file is related to some kind of malicious exploit.

Any suggestions?

0

You must log in to answer this question.

Browse other questions tagged .