Monday, September 1st, 2008
A number of WordPress blogs around the world have been hacked (or cracked, whichever word you prefer) and a "pharmacy" subdirectory have been injected below the WordPress root. I know of these victims at the moment:
azin.se
benniboedker.dk
www.blog-celeo.com
www.digitalrights.gr
www.toscaninelmondo.org
www.vdomck.org
www.yerbastory.pl
The injected web pages are advertised by fooling Yahoo! search to make a weird GET ...
Posted in wordpress | No Comments »
Monday, May 12th, 2008
I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye:
Illegal users from these:
75.101.221.220 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times
admin/password: 16 times
test/password: 15 ...
Posted in Uncategorized | No Comments »
Wednesday, April 23rd, 2008
The last few weeks I have noticed some illicit ssh login attempts that uses parts of the reverse DNS domain name as user name when it tries to login. The last attempt looked like this in my LogWatch summary:
Illegal users from these:
195.38.107.55 (aquila.euroexpert.tvnet.hu): 9 times
root/password: 4 times
...
Posted in Uncategorized | No Comments »