Botnets doing a brute force attack as of now, Friday 4pm EST



Here's what I can tell you. All of my shitty hosts are all down, even though my sites aren't hacked (because I don't use retarded logins), but Hostgator servers are still kicking like nothing is happening. Hostgator +1
 
thehobbster said:
Here's what I can tell you. All of my shitty hosts are all down, even though my sites aren't hacked (because I don't use retarded logins), but Hostgator servers are still kicking like nothing is happening. Hostgator +1
Click to expand...

Silly hobbster, you're website files are on servers on the ground? My website files are in the cloud. A botnet doesn't have wings...

Carry on...​
 
CCarter said:
inb4 Limit Login Attempts is really a trojan horse....​
Click to expand...

^^

This

WordPress › Limit Login Attempts « WordPress Plugins was last updated in June, last year. And the recommended compatibility is WP 3.3.2

The plugin may work when installed, but its code is now obsolete and it may have it's own set of vulnerabilities now.

I recommend something like WordPress › Login Security Solution « WordPress Plugins or WordPress › 6Scan Security « WordPress Plugins or basically anything with a good track record, updated code and an active developer.
 
So that's not just me, good. These faggots are so damn irritating.

P5TRCBM.gif
 
Lol. You guys didn't see line 932 in functions? We added a special treat to clone and spoof any new usernames changed or added after infection. Good luck bros
 
BlogHue said:
^^

This

WordPress › Limit Login Attempts « WordPress Plugins was last updated in June, last year. And the recommended compatibility is WP 3.3.2

The plugin may work when installed, but its code is now obsolete and it may have it's own set of vulnerabilities now.

I recommend something like WordPress › Login Security Solution « WordPress Plugins or WordPress › 6Scan Security « WordPress Plugins or basically anything with a good track record, updated code and an active developer.
Click to expand...

Do these limit login/changing the admin URL type plugins do anything for brute force attacks via xmlrpc?

Seems like it would still be a problem unless you disable it completely, no?
WordPress › Disable XML-RPC « WordPress Plugins
 
magicink said:
Do these limit login/changing the admin URL type plugins do anything for brute force attacks via xmlrpc?

Seems like it would still be a problem unless you disable it completely, no?
WordPress › Disable XML-RPC « WordPress Plugins
Click to expand...

Yes very good point. Prior to WP 3.5 - XMLRPC publishing protocol came disabled by default.

Most people didn't even bother checking it out, except for the very few who were using third party publishing softwares such as scribefire or whatever.

But for some reason from WP 3.5 onwards, the team at wordpress decided to keep this enabled by default and remove the disable option altogether. (I still have no clue why!)

I just dropped an email to the developer asking for his insights on both of these.

Additionally, if you indeed need XMLRPC disabled - why install a seperate plugin to do that?

Simply add - the below line to your wp-config.php and you should be golden.

Code: 
add_filter( 'xmlrpc_enabled', '__return_false' );
 
BlogHue said:
Yes very good point. Prior to WP 3.5 - XMLRPC publishing protocol came disabled by default.

Most people didn't even bother checking it out, except for the very few who were using third party publishing softwares such as scribefire or whatever.

But for some reason from WP 3.5 onwards, the team at wordpress decided to keep this enabled by default and remove the disable option altogether. (I still have no clue why!)

I just dropped an email to the developer asking for his insights on both of these.

Additionally, if you indeed need XMLRPC disabled - why install a seperate plugin to do that?

Simply add - the below line to your wp-config.php and you should be golden.

Code: 
add_filter( 'xmlrpc_enabled', '__return_false' );
Click to expand...

Yeah, probably better to make a manual change than add yet another plugin. I used a plugin because I use ManageWP and it seemed like the quickest way to disable it across all of my sites.
 
if ( ! logged_in && failed_attempts > 5) {

// block IP

} else if ( ! logged_in) {

failed_attempts++;

sleep(3);

// handle response

}
 
malloc said:
BlogHue, any opinion on WordFence?
Click to expand...

It looks good. However, if you're running a few hundred sites - signing up for their API everytime could get tiresome. Also, I don't like my sites making unnecessary outgoing connections all the time.

----

P.S - Got more info on the Hacks... Apparently, a new user is created and administration roles are changed. Followed by probably, from what I can gain, an upload of a Shell Script, which then further modifies the traditional wp-login.php

This is what it looks like once the hack is successful.

H3R5NyD.jpg
 
Last edited:
You must log in or register to reply here.
Top Bottom