Skip to content
Archive of posts filed under the WordPress category.

138 Spam Comment Phrases

One of my blogs received a comment that had 138 different “comments” in it. If you receive a comment to moderate that has any of these phrases in it, you need to mark the comment as spam. And yes, the apostrophes were submitted as question marks. Hi, just wanted to tell you, I enjoyed this […]

WP-Login.php Attempts for May 16, 2013

I logged over 3,000 attempts to login to my WordPress sites on May 16th. Luckily, they were mostly immediately blocked, added to my firewall. The list of 1,501 different attacking IP addresses can be found here. So far today (Friday the 17th) I have logged over 1,800 attempts to log into my sites via wp-login.php.

WP-Login.php Attempts for May 15, 2013

Yesterday I logged over 2,200 attempts to login to my WordPress sites. Luckily, they were mostly immediately blocked, added to my firewall. The list of 1,473 different attacking IP addresses can be found here. So far today (Thursday the 16th) I have logged over 1,000 attempts to log into my sites via wp-login.php.

WP-Login.php Attempts for May 14, 2013

Yesterday I logged over 4,500 attempts to login to my WordPress sites. Luckily, they were mostly immediately blocked, added to my firewall. The list of 3,340 different attacking IP addresses can be found here. So far today (Wednesday the 15th) I have logged over 800 attempts to log into my sites via wp-login.php.

WP-Login.php Attempts for May 13, 2013

Yesterday I logged over 7,000 attempts to login to my WordPress sites. Luckily, they were mostly immediately blocked, added to my firewall. The list of 4,033 different attacking IP addresses can be found here. The attack started at 2:50 in the afternoon on Monday the 13th. Sunday I received only six attempts, so classifying this […]

Login Attempts to wp-login.php

While checking out my apache server logs last week, I noticed that one of my older sites was getting a fair amount of login attempts to wp-login.php from all over the world. So I started grabbing the login information to see what they were trying. The next batch of attacks lasted 23 minutes. The username […]

Bots Looking for Backups of wp-config.php

Here’s a new attack that occurred this afternoon: bot networks are searching for backup copies of wp-config.php. They searched for these four files on the root level of one of my web sites. wp-config.phpbak wp-config.php-bak wp-config.phpBAK wp-config.php-BAK The probes came from these four IP addresses, all within one minute of one another: 91.217.66.227 – Ukraine, […]

Scans for Vulnerable WordPress Plugins

This morning one of my web sites was scanned for all 25 of these WordPress plugins. I’m not exactly sure what they are vulnerable to (looking around the web it looks like they can be used to add programs to your web site), but you should confirm that if your site is using one of […]

More Vulnerability Attack Scans

For the past several hours I’ve been attacked (41,322 times and counting!) by many different IP addresses (95 at last count, including a bunch using Amazon Web Services (amazonaws)) looking for many different URLs. They are searching for the broken timthumb.php script, as well as 5a3c2f91dc7ccef6724e602c0d391659.php or 6c8fd79d31461e644cbf23026ff5d19a.php, which is apparently an app to give […]

TimThumb.php Vulnerability Scans

Earlier today one of my web sites was scanned for the timthumb.php script. timthumb is a web application that allows for the site to gather and resize images. The script is included in a lot of WordPress themes, such as the list of 332 themes listed at the bottom of this post. If you are using one of these themes, upgrade it, and confirm that timthumb has been upgraded to address its security problems.