By acp on

Hello there !

The last couple of weeks, I'm getting some strange error messages on my drupal installation:

1) Description : 'main(./includes/xmlrpc.inc) ['
Message : main(./includes/xmlrpc.inc) [function.main]: failed to open stream: No such file or directory in /mnt/106/sdc/3/0/iacp/drupal/xmlrpc.php on line 11.

2) Description : 'main() ['
Message : main() [function.include]: Failed opening './includes/xmlrpc.inc' for inclusion (include_path='/mnt/106/sdc/3/0/iacp/include:.:/usr/php4/lib/php') in /mnt/106/sdc/3/0/iacp/drupal/xmlrpc.php on line 11.

I thought that could be an attempt to login with an external account, but I have disactivated this feature, and I tried with my drupal account and didn't get this kind of errors, rather a 'login failed' warning.
Is this people trying to find vulnerabilities to exploit ? If so, is there any module/way to get more info on the action of these individuals so as to decide if I have to send a nice email to their providers or not.

Thanks for your advice.

Comments

VM’s picture

VM commented

check your servers logs at around the same time.

acp’s picture

acp commented

Actually it's a free webhosting service I'm using, so I don't have access to all this info.

acp’s picture

acp commented

Hi there,

just got a couple of error messages more and I'm starting to wonder if I should take measures or not. I would like however before to get to know what is happening, anyone experiencing same behaviour on his drupal installation ?

Anyone might know what these errors are due to ?

acp’s picture

acp commented

The troll module seems to partially solve my problem by banning users by IP. However I would like to know what these people are trying to do (if in search of vulnerabilities, I should pay more attention to the security of my whole installation).

Is there a way to get all the POST and GET data they might be sending to the xmlrpc.php page so as to get an idea of what's going on ?