token.php getting spammed/hacked ?

wót Paul Lindgreen -
Anzahl Antworten: 0
Our webserver IIS logs indicate we are getting a lot of traffic (20k log entries/day) to '/login/token.php' , half the time a 500 error is returned. The bulk of the traffic is from one ip, which changed to a similar ip the next day.

Is a bot trying to hack into our site?

The log also often mentions 'MoodleMobile', is that the moodle mobile app? I thought the moodle mobile app generated traffic outside of web server logs?

Sample IIS log entry:

2024-01-24 02:32:08 GET /login/token.php - 443 - Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+moodledesktop/3.9.2+Chrome/69.0.3497.128+Electron/4.2.5+Safari/537.36+MoodleMobile - 500 0 0 46
2024-01-24 00:00:03 POST /login/token.php - 443 - Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+moodledesktop/3.9.2+Chrome/69.0.3497.128+Electron/4.2.5+Safari/537.36+MoodleMobile - 500 0 0 15

moodle 3.11.5