[Chugalug] d at mn scammers/hackers

K I Goldman kigtest at hotmail.com
Sat Oct 20 19:42:59 UTC 2012


Looks like it was brute force.  The apache error log for the site averages 1 MB/week.  That week it was 64GB.

Keith

On Oct 18, 2012, at 12:45 PM, "Mike Harrison" <cluon at geeklabs.com> wrote:

> On Wed, 17 Oct 2012, Stephen Haywood wrote:
>> So they brute forced your admin password? It wasn't a joomla 0-day?
> 
> Well, not MY password, but the web dude for the non-profit I was hostings password..
> 
> Yeah, best I can tell it looks like a direct brute force.
> 
> I have another Joomla website ran by a clueful guy they were trying the same thing. (He is IT at Unum during the day, and the site seems updated
> and clueful, we relocated the /administrator directory anyway)
> 
> Maybe a 0 day helped, but it seems to be a rapid targeted brute force
> at the /administrator logins.
> 
> Keith, what did you see?
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


More information about the Chugalug mailing list