@pistell
Created April 7, 2016 12:39
Finds IPs accessing xmlrpc.php from Apache logs and sorts them by connection attempts
grep -i "xmlrpc\.php" other_vhosts_access.log.1 | awk '{print $2 " " $8}' | sort | uniq -c | sort -n | tail > hack_attempts.txt
1. cd into your Apache logs directory (e.g. /var/log/apache2)
2. Run the grep command
This will search the file "other_vhosts_access.log.1" for the string "xmlrpc.php" (case-insensitive)
Awk will then print out column 2 (the incoming connection) and column 8 (the file accessed)
sort and uniq -c count the requests from each IP, sort -n orders the IPs by that count, and tail keeps the ten with the most attempts
Data is output to hack_attempts.txt for analysis
Example output:
32 46.148.18.162 /xmlrpc.php
33 185.130.5.203 /xmlrpc.php
45 46.148.22.18 /xmlrpc.php
144 185.112.102.164 /xmlrpc.php
150 162.158.88.84 /xmlrpc.php
299 185.106.92.53 /xmlrpc.php
502 185.106.92.160 /xmlrpc.php
1421 185.130.5.165 /xmlrpc.php
136458 89.248.167.131 /xmlrpc.php
248338 185.130.5.104 /xmlrpc.php
As the output shows, the last IP on the list tried to access my xmlrpc.php file 248,338 times!
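A stricter variant of the count above, as an added example that is not part of the original gist: it matches on the request-path field only, so a referrer or user agent that mentions xmlrpc.php is not counted, and it also reports how many of each IP's requests were POSTs. The function names xmlrpc_counts and sample_log and the vhost_combined field layout (client IP in $2, method in $7, path in $8) are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not the gist author's code.
# Assumes Apache's vhost_combined layout:
#   vhost:port client - user [time tz] "METHOD path proto" status bytes ...

# Usage: xmlrpc_counts MIN < logfile
# Prints "hits ip posts" for every IP with at least MIN hits, busiest first.
xmlrpc_counts() {
    min="${1:-1}"
    awk -v min="$min" '
        {
            path = tolower($8)
            sub(/\?.*/, "", path)                 # drop any query string
            if (path !~ /(^|\/)xmlrpc\.php$/) next # request path only
            hits[$2]++
            if ($7 == "\"POST") posts[$2]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "%d %s %d\n", hits[ip], ip, posts[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines using documentation address ranges.
sample_log() {
    cat <<'EOF'
example.test:80 192.0.2.10 - - [07/Apr/2016:12:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
example.test:80 192.0.2.10 - - [07/Apr/2016:12:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
example.test:80 192.0.2.10 - - [07/Apr/2016:12:00:03 +0000] "GET /XMLRPC.php?rsd HTTP/1.1" 405 42 "-" "Mozilla/5.0"
example.test:80 198.51.100.7 - - [07/Apr/2016:12:00:04 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "curl/7.47"
example.test:80 203.0.113.5 - - [07/Apr/2016:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.test/xmlrpc.php" "Mozilla/5.0"
EOF
}

# The last sample line is skipped: xmlrpc.php appears only in its referrer.
sample_log | xmlrpc_counts 1
```

On a real log, run it as `xmlrpc_counts 100 < other_vhosts_access.log.1` to list only IPs with at least 100 requests.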