Busy Bees
So, after GunNuts got hacked and reading Les’ post on securing WordPress, I installed Better WP Security. It logs attempts to log in to my blog software. Within 45 minutes, it logged about 30 attempts. That surprised me.
February 24th, 2013 at 2:00 pm
Add those attempts’ IP addresses to your htaccess file’s “deny” section.
http://www.javascriptkit.com/howto/htaccess5.shtml
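The suggestion above, sketched as an added example that is not part of the original comment: it turns a failed-login log into an Apache 2.4 deny block. The log layout, the threshold of 3 and the function names are assumptions, since Better WP Security's actual log format is not shown on this page.

```python
import ipaddress
from collections import Counter

# Constructed sample log lines (timestamp, source IP, attempted username).
# Addresses come from the RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_LOG = """\
2013-02-24T13:05:11 192.0.2.10 admin
2013-02-24T13:05:14 192.0.2.10 admin
2013-02-24T13:05:19 192.0.2.10 administrator
2013-02-24T13:07:02 198.51.100.7 admin
2013-02-24T13:09:40 2001:db8::5 root
2013-02-24T13:09:43 2001:db8::5 admin
2013-02-24T13:09:47 2001:db8::5 test
2013-02-24T13:11:00 not-an-ip admin
"""

def failed_login_counts(log_text):
    """Count attempts per source address, skipping malformed entries."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # never copy unvalidated text into a server config
        counts[str(addr)] += 1
    return counts

def htaccess_deny_block(log_text, threshold=3, never_block=()):
    """Build an Apache 2.4 block denying IPs with >= threshold attempts."""
    # never_block holds addresses (such as your own) that must stay allowed.
    keep = {str(ipaddress.ip_address(a)) for a in never_block}
    offenders = sorted(ip for ip, n in failed_login_counts(log_text).items()
                       if n >= threshold and ip not in keep)
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in offenders]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_deny_block(SAMPLE_LOG, never_block=["198.51.100.7"]))
```

On Apache 2.2, the syntax the linked page describes, the equivalent lines are `Order allow,deny`, `Allow from all` and one `Deny from <ip>` per address.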
February 24th, 2013 at 3:20 pm
You should see the practically endless attempts to break into SSH servers. 😀
February 25th, 2013 at 12:03 pm
There are scripts running on machines in places like Poland, including China, that constantly scan the internet for open machines or hackable software that is running. I would use Drupal. I think there is a plugin that makes Drupal behave like WordPress. WordPress is notorious for being breached.
February 25th, 2013 at 12:21 pm
Any word on what weakness was exploited at GunNuts?
I’m guessing, if it was similar to the pattern you and Les saw, that a password was either leaked or guessed.
Pro-Tip: It’s possible, on some web-sites, for an attacker on one of those sites to sniff out your password.
This depends mostly on how the site-programmer chose to store your password.
If this password is shared across many sites, and the attacker knows the login-name for those other sites, he might get access to them.
Anyway, one method of defense is to use a different, hard-to-guess password for each site. Except that makes passwords hard to remember, too.
This is one reason that tools like PasswordSafe were invented.
February 25th, 2013 at 3:53 pm
Don’t forget Farmer Frank lost his blog to hackers.
February 25th, 2013 at 6:27 pm
SJ, I know what the attack vector was on the GunNuts hit, and it was a site vulnerability. I saw it firsthand: if you went to a nonexistent page, it kicked you into the theme editor under his login. From there you could do some serious damage.
February 25th, 2013 at 7:24 pm
It was definitely a 404 vulnerability. I fixed it, but by the time I had noticed it and corrected it, the damage was done.