[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ PRIVACY Forum ] Huge attack on WordPress sites

Subject: [ PRIVACY Forum ] Huge attack on WordPress sites
From: dhubbard at dino.hostasaurus.com (David Hubbard)
Date: Mon, 15 Apr 2013 10:29:03 -0400
References: <[email protected]> <[email protected]> <CABSP1OevC5bXUeCa6yVK47pLXEGBGW5xgQL=TpDOXMYKZ1TKDQ@mail.gmail.com>

apache's mod_security comes in pretty handy for reducing the
cpu load caused by these attacks; we've seen many sites we
host getting hammered on the wp-login.php page from these
bots.

Here's the rules that block the bad requests:

https://docs.google.com/document/d/1wCpp7U5uOw_krEkQrm9NXFf2LjpGvlZ7uoOK
0Ok4LGM/pub

David 

> -----Original Message-----
> From: Damian Menscher [mailto:damian at google.com] 
> Sent: Monday, April 15, 2013 7:17 AM
> To: Steve
> Cc: nanog at nanog.org
> Subject: Re: [ PRIVACY Forum ] Huge attack on WordPress sites
> 
> FYI, the "new" part of this news is that the current botnet 
> is 10x larger
> than the one you're thinking of.
> 
> Damian
> 
> 
> On Sat, Apr 13, 2013 at 5:39 AM, Steve <angst1974 at yahoo.com> wrote:
> 
> > This is pretty old news , this "super bot-net" of 
> compromised Wordpress
> > sites ( and others) has been attacking since September
> >
> > Sent from my iPhone
> >
> > ONANOG Digest,
> > > *************************************
> >
> >
> 
>

References:
- Fwd: [ PRIVACY Forum ] Huge attack on WordPress sites
  - From: angst1974 at yahoo.com (Steve)
- [ PRIVACY Forum ] Huge attack on WordPress sites
  - From: damian at google.com (Damian Menscher)

Prev by Date: What do people use public suffix for?
Next by Date: What do people use public suffix for?
Previous by thread: [ PRIVACY Forum ] Huge attack on WordPress sites
Next by thread: Contact for BGP at nic.mil (AS721 AS27064)
Index(es):
- Date
- Thread