Author Topic: REMOVE SITE FROM BLACKLIST  (Read 1108 times)


Offline StivenRichardy

  • Newbie
  • *
  • Posts: 1
REMOVE SITE FROM BLACKLIST
« on: July 24, 2024, 03:59:34 PM »
Good morning,

I want to remove Avast's block on the site https://ektor.com.br
It shows as safe in tests run by detection websites, but Avast blocks it for some reason.
How can I solve this problem?

Threat name: URL:Blacklist
Threat type: Miscellaneous: malicious software can damage data, computers and networks.
« Last Edit: July 24, 2024, 07:52:36 PM by StivenRichardy »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34029
  • malware fighter
Re: REMOVE SITE FROM BLACKLIST
« Reply #1 on: July 29, 2024, 05:19:20 PM »
L.S.,

It is because of the IP (see https://www.abuseipdb.com/check/187.1.138.4) and the ongoing abuse on the back-end host.

Also consider 5 other AV vendors that flag this website here:
https://www.virustotal.com/gui/url/67fc3c5a2d70b3f96bfb325922e3fc2ba4fd6d05ba290f7ef0d4568a90e517fa?nocache=1

Based on the recent information provided regarding the IP address 187.1.138.4,
several critical observations can be made concerning its history of abuse reports and overall reputation.

Key Findings
History of Abuse:

The IP address has been reported a total of 17 times across 11 distinct sources.
Reports include multiple brute-force attacks on WordPress sites,
especially related to user enumeration and exploitation of XML-RPC functionality,
which can be a vector for these types of attacks.

Abuse Report Timeline:

The earliest report dates back to August 2, 2022, with the most recent reports from October to November 2022.
There have been no recent reports in the past year, indicating that if this IP was involved in abusive activities,
it may not currently be active in such practices.

Details of Reports:

Types of Attacks: Many reports focus on XML-RPC brute-force attacks
and unauthorised login attempts targeting WordPress installations.
Forms of abuse categorised include web app attacks, brute-force attempts, and unauthorised access trials.
Examples of attack types include:
WordPress User Enumeration: Attempts to discover valid WordPress usernames.
XML-RPC Exploitation: Manipulations through the XML-RPC interface used in WordPress for remote procedure calls,
often leveraged for brute-force attacks.

Confidence in Abuse:

Although the IP has a total of 17 abuse reports, the confidence of abuse is reported at 0%.
This could indicate that network or reputation services may have determined that previous activity
does not currently reflect ongoing abusive behaviour.
It’s essential to consider that this might also suggest possible improvements
or changes in the IP's usage context or the server's maintenance posture since the last reports.

Implications
Shared Hosting Risks: If 187.1.138.4 is part of a shared hosting environment,
the previous abusive activity associated with the IP could indicate security vulnerabilities
not only for other sites hosted there but also for -https://ektor.com.br.
This setting might expose the site to attacks due to neighbouring compromised sites.

Proactive Measures Needed: Given the historical context:

Implement Security Layers: Utilise firewall rules and security plugins to protect against brute-force attacks.
Regular Monitoring: Actively monitor logs for unusual access patterns.
Consider Hosting Options: If the abuse history raises flags for the website's security,
consider migrating to a different hosting provider with a cleaner reputation.
User Awareness: Ensure users are aware of security practices such as using strong passwords
and ensuring plugin/theme security. The WP scan gave no issues.

Recommendations going forward
Incident Response Plan: Develop a response plan in case any suspicious activity is detected.
Foster Communication with Hosting Provider: Engage with the hosting provider
regarding the history of abuse related to the IP.
Regular Security Audits: Conduct frequent security audits of the WordPress site, including vulnerability assessments.

Conclusion
While there hasn't been recent abuse associated with IP 187.1.138.4, its previous activity is a significant concern.
Continuous vigilance, proactive security measures, and ensuring good practices can help maintain the integrity
and security of the website hosted on this IP.

I hope you can find a solution soon.

Best regards,

polonus (volunteer 3rd-party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: July 29, 2024, 05:21:22 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
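
The log monitoring recommended in the reply above, as an added example that is not part of the thread or of any Avast or AbuseIPDB tooling: a Python check that scans web server access logs in Combined Log Format for the two patterns the abuse reports name, XML-RPC brute-force bursts and WordPress user enumeration. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3}')
# Common WordPress username-discovery requests: ?author=N and the REST users route
ENUM = re.compile(r'[?&]author=\d+|^/wp-json/wp/v2/users')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ip, ts, method, path = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path

def detect(lines, burst=5, window=timedelta(seconds=60), enum_min=3):
    """Return {ip: set(findings)}; thresholds are assumed defaults to tune per site."""
    xmlrpc, enum, findings = defaultdict(list), defaultdict(set), defaultdict(set)
    for ip, ts, method, path in filter(None, map(parse, lines)):
        if method == "POST" and path.split("?")[0] == "/xmlrpc.php":
            xmlrpc[ip].append(ts)
        elif method == "GET" and ENUM.search(path):
            enum[ip].add(path)
    for ip, times in xmlrpc.items():
        times.sort()
        # Sliding window: flag if any `burst` consecutive POSTs fit inside `window`
        for i in range(len(times) - burst + 1):
            if times[i + burst - 1] - times[i] <= window:
                findings[ip].add("xmlrpc-bruteforce")
                break
    for ip, paths in enum.items():
        if len(paths) >= enum_min:  # several distinct enumeration requests
            findings[ip].add("user-enumeration")
    return dict(findings)

# Constructed sample lines using documentation IP ranges, not real traffic
def sample_line(ip, sec, method, path, status):
    return (f'{ip} - - [24/Jul/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

SAMPLE = (
    [sample_line("203.0.113.7", s, "POST", "/xmlrpc.php", 200) for s in range(0, 12, 2)]
    + [sample_line("198.51.100.9", n, "GET", f"/?author={n}", 301) for n in range(1, 5)]
    + [sample_line("192.0.2.10", 30, "POST", "/xmlrpc.php", 200),
       sample_line("192.0.2.10", 31, "GET", "/wp-json/wp/v2/users", 200)]
)

if __name__ == "__main__":
    for ip, what in sorted(detect(SAMPLE).items()):
        print(ip, sorted(what))
```

The third sample client makes a single XML-RPC POST and a single users request, so it stays below both thresholds and is not reported.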