[Chugalug] d@mn scammers/hackers

David White dwrudy at gmail.com
Thu Oct 18 03:09:56 UTC 2012


Thanks for the heads up. I don't host any Joomla sites, but do host a
number of Drupal/WordPress sites - and many of those are .orgs, some
of which haven't been looked at in a while.

I've heard many, many horror stories about Joomla. Not saying Drupal
and WordPress don't have issues - they certainly do. But I never hear
the amount of stories about them that I do of Joomla.

Your email reminds me that I really need to get a better logging
system in place than I currently have.

Now that I finally have pfSense on my home network, I might look into
either a static IP or a dynDNS account and log everything here...


On Oct 17, 2012, at 10:08 PM, Mike Harrison <cluon at geeklabs.com> wrote:

>
> The little Linode slice that hosts chugalug.org
> and a handful of other sites had a Joomla install brute forced.
> Actually nailed on October 10th, but they did not
> install and abuse things until yesterday.
>
> The Apache logs show many many thousands of login/password attempts
> on the two Joomla sites on this system... from only two IPs, in rapid succession, and they finally got one. Then they uploaded a new theme, with some extra functionality in the files.
>
> Note: Both IPs were from static IP leasing services. That's a new twist to me... usually they are from another hacked server.
>
> And then they went "Bank of America Customer Fishing"
> This server was only a relay, it's some interesting code.
>
> As many of you are also hosting/using Joomla and other content management systems, you might want to look at your logs. Moving your login/admin
> urls is the first step, there are many more worth taking.
>
> I'm out of the internet / web hosting / security business and yet, since the beginning of September, I've been involved in 6 compromises, 2 of which, like this one, I was partially responsible for some part of the system.
> The others I was just called in to help clean up afterwards.
>
> My relevant almost on topic point is: It seems to me the intensity, focus and volume of hacks, compromises and abuses have seemingly increased significantly.
>
> Be careful out there. I'm putting my uber-paranoid hat on after
> about 10 years of not wearing it (all the time), you should also.
>
> The not so nice people are out to get us all. All of us.
>
>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

