I published the following diary on isc.sans.org: “A Bunch of Compromized WordPress Sites”: A few days ago, one of our readers reported an incident affecting his website based on WordPress. He performed quick checks by himself and found some pieces of evidence: The main index.php file was modified and some
Expanding your CMS at your own risk!
CMS or “Content Management Systems” have become very common over the past few years. Popular CMS are WordPress, Drupal or Joomla. You can rent some space at a hosting provider for a few bucks or even find free hosting platforms. You can deploy them in a few minutes on your own server. Then, you
Analysis of WordPress Login Attempts
Waiting for the new year party, this is a last quick post in 2014! It’s not the first time that I see a peak of rogue authentication requests against some of the WordPress websites. But for a while, there has been a constant flood of IP addresses trying to bruteforce the WordPress login
Post-Analysis of My WordPress Bruteforce Attack
A few weeks ago, I wrote a blog post (link) about an (unsuccessful) WordPress bruteforce attack against this site. I captured the attackers’ traffic in a big pcap file. It was a good opportunity to perform a quick analysis to try to extract some statistics. Here follow more details
Proud of My First Targeted Attack… or Not!
Connecting a server to the Intertubes is like connecting it to the wild. There are plenty of bots (thousands? millions?) scanning IP addresses for vulnerable services. Once a service is enabled on an IP address, you don’t have to wait a long time before detecting incoming traffic! One of the
Suspicious WordPress Plugins Scan
Here is an interesting example I would like to share with you. It shows how important log management is. If you read my blog, you already know that I’m addicted to logs. They can be very useful to trace incidents or suspicious activities. Today I received several alerts from my
Upgraded to 2.5
WordPress 2.5 is out! I successfully upgraded without downtime. The new administration interface looks very nice but, more important, let’s hope that security has been increased. I found this interesting post regarding a WordPress hack here.
Error Handling: verbosity−−;
Developers need to implement good error handling procedures in their code. There is nothing more annoying than something like “error 0x4e45ff”. On the other hand, reporting too many details to the end user can lead to security threats! Use Google and search for “mysql error” and look at the cached pages.