An attacker scanned my web sites this morning for URLs including these files. zboard.php logx.txt wp-includes/wp-script.php wp-includes/wp-services.php wp-includes/class-wp-customize-client.php thumb_editor.php wp-includes/jahat.php wp-content/uploads/images.php None of these files are part of a WordPress installation. So if you see them in your system, give it a much closer look to see if something bad is happening on your site. […]
WP-Login.php Attempts for May 16, 2013
I logged over 3,000 attempts to login to my WordPress sites on May 16th. Luckily, they were mostly immediately blocked, added to my firewall. The list of 1,501 different attacking IP addresses can be found here. So far today (Friday the 17th) I have logged over 1,800 attempts to log into my sites via wp-login.php.
WP-Login.php Attempts for May 15, 2013
Yesterday I logged over 2,200 attempts to login to my WordPress sites. Luckily, they were mostly immediately blocked, added to my firewall. The list of 1,473 different attacking IP addresses can be found here. So far today (Thursday the 16th) I have logged over 1,000 attempts to log into my sites via wp-login.php.
WP-Login.php Attempts for May 14, 2013
Yesterday I logged over 4,500 attempts to login to my WordPress sites. Luckily, they were mostly immediately blocked, added to my firewall. The list of 3,340 different attacking IP addresses can be found here. So far today (Wednesday the 15th) I have logged over 800 attempts to log into my sites via wp-login.php.
WP-Login.php Attempts for May 13, 2013
Yesterday I logged over 7,000 attempts to login to my WordPress sites. Luckily, they were mostly immediately blocked, added to my firewall. The list of 4,033 different attacking IP addresses can be found here. The attack started at 2:50 in the afternoon on Monday the 13th. Sunday I received only six attempts, so classifying this […]
Login Attempts to wp-login.php
While checking out my apache server logs last week, I noticed that one of my older sites was getting a fair amount of login attempts to wp-login.php from all over the world. So I started grabbing the login information to see what they were trying. The next batch of attacks lasted 23 minutes. The username […]
Bots Looking for Backups of wp-config.php
Here’s a new attack that occurred this afternoon: bot networks are searching for backup copies of wp-config.php. They searched for these four files on the root level of one of my web sites. wp-config.phpbak wp-config.php-bak wp-config.phpBAK wp-config.php-BAK The probes came from these four IP addresses, all within one minute of one another: 91.217.66.227 – Ukraine, […]
Scans for Vulnerable WordPress Plugins
This morning one of my web sites was scanned for all 25 of these WordPress plugins. I’m not exactly sure what they are vulnerable to (looking around the web it looks like they can be used to add programs to your web site), but you should confirm that if your site is using one of […]
More Vulnerability Attack Scans
For the past several hours I’ve been attacked (41,322 times and counting!) by many different IP addresses (95 at last count, including a bunch using Amazon Web Services (amazonaws)) looking for many different URLs. They are searching for the broken timthumb.php script, as well as 5a3c2f91dc7ccef6724e602c0d391659.php or 6c8fd79d31461e644cbf23026ff5d19a.php, which is apparently an app to give […]
TimThumb.php Vulnerability Scans
Earlier today one of my web sites was scanned for the timthumb.php script. timthumb is a web application that allows for the site to gather and resize images. The script is included in a lot of WordPress themes, such as the list of 332 themes listed at the bottom of this post. If you are using one of these themes, upgrade it, and confirm that timthumb has been upgraded to address its security problems.