[Chugalug] d at mn scammers/hackers

Mike Harrison cluon at geeklabs.com
Thu Oct 18 16:45:33 UTC 2012


On Wed, 17 Oct 2012, Stephen Haywood wrote:
> So they brute forced your admin password? It wasn't a joomla 0-day?

Well, not MY password, but the web dude for the non-profit I was hostings 
password..

Yeah, best I can tell it looks like a direct brute force.

I have another Joomla website ran by a clueful guy they were trying the 
same thing. (He is IT at Unum during the day, and the site seems updated
and clueful, we relocated the /administrator directory anyway)

Maybe a 0 day helped, but it seems to be a rapid targeted brute force
at the /administrator logins.

Keith, what did you see?








More information about the Chugalug mailing list