***ACTION REQUIRED*** Incident ID: 20830 Abuse From: ip - my server ip

Discussion in 'ISPConfig 3 Priority Support' started by pawan, Apr 24, 2022.

  1. pawan

    pawan Member

    > Please check the offending system behind the IP and try to fix the problem.
    > I really would appreciate a quick reaction and a feedback on actions taken.
    >
    Code:
    > In the attachment of this mail (logfile.txt) you can find the related parts of this IP from original protocols of our system.
    > All times are Austrian local times, UTC+1/MET or UTC+2/MEST.
    > /var/log/apache2/www.liso.at-error.log:[Sat Apr 23 16:01:42.960599 2022] [php7:error] [pid 15516] [client my-server-ip:43708] script '/home/liso/public_html/style.php' not found or unable to stat
    > /var/log/apache2/access_error.log:my-server-ip - - [23/Apr/2022:16:01:42 +0200] "GET /style.php?sig=rename HTTP/1.1" 404 341 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/87.0.4280.77 Mobile/15E148 Safari/604.1" STP=43708 c=80
    > /var/log/cronolog/www.liso.at_2022_04_23-access.log:my-server-ip - - [23/Apr/2022:16:01:42 +0200] "GET /style.php?sig=rename HTTP/1.1" 404 341 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/87.0.4280.77 Mobile/15E148 Safari/604.1" STP=43708 c=80

    This is the mail I received from my host. I can't make out what I can fix here. I need some help to respond to this mail and the issue they are describing.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Maybe best to ask them?
     
  3. pawan

    pawan Member

    Hi Th0m,
    Did you see or find anything which suggests that there is any script on the server which is attacking another server from the logs I have posted?
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    The logs show three requests to style.php, presumably from your server's IP address. I don't see any indication of what made the request other than that the user agent is from a Safari browser; that can simply be faked, or could indicate that your server proxied a request in some manner.
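
An added example, not part of the thread or of any participant's post: one way to normalise the quoted report lines to UTC and group them by client and source port, giving a timestamp and port to look for in your own server's logs. The function names are hypothetical, the user agent in the sample is shortened, and `STP=` is assumed to be the TCP source port because its value matches the client port in the error-log line.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the three report lines from the post, user agent shortened.
REPORT = """\
/var/log/apache2/www.liso.at-error.log:[Sat Apr 23 16:01:42.960599 2022] [php7:error] [pid 15516] [client my-server-ip:43708] script '/home/liso/public_html/style.php' not found or unable to stat
/var/log/apache2/access_error.log:my-server-ip - - [23/Apr/2022:16:01:42 +0200] "GET /style.php?sig=rename HTTP/1.1" 404 341 "-" "Mozilla/5.0 (iPhone)" STP=43708 c=80
/var/log/cronolog/www.liso.at_2022_04_23-access.log:my-server-ip - - [23/Apr/2022:16:01:42 +0200] "GET /style.php?sig=rename HTTP/1.1" 404 341 "-" "Mozilla/5.0 (iPhone)" STP=43708 c=80
"""

# Error-log lines carry no UTC offset; the report states UTC+2/MEST, which applies on this date.
MEST = timezone(timedelta(hours=2))

ERROR_RE = re.compile(r"\[\w{3} (\w{3} \d+ [\d:]+)\.\d+ (\d{4})\].*\[client (\S+):(\d+)\]")
# Assumption: STP= is the TCP source port (it matches the error-log client port).
ACCESS_RE = re.compile(r":(\S+) - - \[([^\]]+)\].*\bSTP=(\d+)")


def parse(report):
    """Return one dict per recognised log line: file, UTC time, client, source port."""
    events = []
    for line in report.splitlines():
        source = line.split(":", 1)[0]  # the reporter prefixes each line with its log file
        if m := ERROR_RE.search(line):
            ts = datetime.strptime(f"{m[1]} {m[2]}", "%b %d %H:%M:%S %Y").replace(tzinfo=MEST)
            client, port = m[3], int(m[4])
        elif m := ACCESS_RE.search(line):
            ts = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
            client, port = m[1], int(m[3])
        else:
            continue  # skip the e-mail's prose lines
        events.append({"file": source, "utc": ts.astimezone(timezone.utc),
                       "client": client, "port": port})
    return events


def distinct_connections(events):
    """Group log lines by (client, source port, UTC second)."""
    groups = {}
    for e in events:
        groups.setdefault((e["client"], e["port"], e["utc"]), []).append(e["file"])
    return groups


if __name__ == "__main__":
    for (client, port, utc), files in distinct_connections(parse(REPORT)).items():
        print(f"{utc.isoformat()} {client} source port {port}: logged in {len(files)} file(s)")
```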
     
