Long time reader, first time poster... hi all!
I have a VPS for hosting which I am having issues with an apache attack from a computer somewhere.
I understand the basics but I need someone's help to find the offending machine and fix the issue. The error I get is below, I have many like it. I have asked the host to check for viruses which they have and they cannot find any issue. I'm using a laptop myself which was off at the time of this error so I don't think it's me.
[Fri Sep 15 10:27:20.897763 2017] [:error] [pid 404] [client 22.214.171.124:41786] [client 126.96.36.199] ModSecurity: Access denied with code 406 (phase 2). Operator GT matched 0 at USER:bf_block. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "13"] [id "10014"] [msg "ip address blocked for 15 minutes, more than 3 login attempts in 3 minutes."] [hostname "secaccountants.com"] [uri "/wp-login.php"] [unique_id "WbvxWDGWhzE8Nx4NrTWnWQAAAF8"]