[Nottingham] We've been hacked/cracked! THREE times!!!

Martin martin at ml1.co.uk
Wed Jan 29 09:10:47 UTC 2014


On 29/01/14 08:59, Martin wrote:
> Folks,
> 
> FYI:
> 
> OK, so our WordPress site has been attacked, from what looks to be three
> attempts! All on 21/01/2014 and 28/01/2014.
> 
> The unexplained part is how a number of ".php" files were uploaded.
> However, despite a few thousand hits from various (soon blacklisted) IP
> addresses, their logged attempts to access the rogue php returned
> nothing more than a "403"...

And there are still a few more IP addresses trying that... Quite a large
collection/collective...


> Bits of the code look like mail spam. Another part includes a file
> manager and attempts at shell execute (all never enabled in the first
> place due to good paranoia)...
> 
> 
> Details available for anyone interested.
> 
> 
> And just for being really paranoid: Can any maliciousness be executed in
> a .css file?
> 
> Cheers,
> Martin



-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
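
An added example, not part of the original post: one way to check the "403" observation above is to scan the access log for every request to the rogue files found on disk, tally hits per client IP, and list any request that was answered with something other than 403. The combined log format, the file paths and the IP addresses below are assumptions and constructed sample data.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (assumed): client IP, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage(log_lines, rogue_paths):
    """Summarise requests for known rogue files.

    Returns (hits_per_ip, served). hits_per_ip counts requests per client;
    served lists (ip, path, status) for each request NOT answered with 403,
    i.e. the ones that need a closer look.
    """
    rogue = set(rogue_paths)
    hits_per_ip = Counter()
    served = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if path not in rogue:
            continue
        hits_per_ip[m.group("ip")] += 1
        if m.group("status") != "403":
            served.append((m.group("ip"), path, int(m.group("status"))))
    return hits_per_ip, served

# Constructed sample input: hypothetical file names, documentation IP ranges.
ROGUE = ["/wp-content/uploads/x1.php", "/wp-includes/y2.php"]
SAMPLE = [
    '203.0.113.5 - - [28/Jan/2014:03:12:01 +0000] "POST /wp-content/uploads/x1.php HTTP/1.1" 403 291 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [28/Jan/2014:03:12:02 +0000] "GET /wp-includes/y2.php?a=1 HTTP/1.1" 403 291 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Jan/2014:03:15:40 +0000] "POST /wp-content/uploads/x1.php HTTP/1.1" 200 17 "-" "-"',
    '192.0.2.10 - - [28/Jan/2014:03:16:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Jan/2014:03:16:05 +0000] "GET /wp-content/uploads/logo.png HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    hits, served = triage(SAMPLE, ROGUE)
    for ip, n in hits.most_common():
        print(f"{ip}\t{n} request(s) for rogue files")
    for ip, path, status in served:
        print(f"NOT BLOCKED: {ip} {path} -> {status}")
```

An empty "served" list supports the claim that every logged attempt was refused; any entry in it is a request to investigate first.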


