Dictionary attacks against IMAP servers are great again

After the GhostProject started offering access to 1.4 billion credentials in the form of usernames with clear-text passwords, I’ve seen an expected increase in attacks against customers’ e-mail accounts.

Hakaied with love from Telecom Egypt

In the last two weeks I’ve seen a steady increase of bots trying to exploit a remote command execution flaw on D-Link routers. The majority of the attacks are originating from IP blocks belonging to Telecom Egypt Data.

Another significant WordPress brute-force attack in the works

So today I’ve experienced a more significant than usual attack against WordPress installations hosted on one of our company servers. So far I’ve blocked more than 17000 21000 unique IP addresses, but the attackers seem to have an endless supply and they’re not slowing down. Note: This article was updated on January 27, 2018.

Wordfence warns against a massive brute-force attack campaign

On the 18th of December Wordfence posted the following entry describing an ongoing distributed brute-force attack campaign targeting WordPress installations. It was accompanied by a dramatic chart highlighting the number of attacks per hour. According to Wordfence, it was the most aggressive campaign they’ve seen so far. However, as a WordPress hosting provider I’ve found no data to support these claims.

Malicious bots sending site.ru as the HTTP referer

I’ve received a few hundred requests originating from bots setting site.ru as their referrer. These attacks are scanning for compromised WordPress installations and PHP-based shells and backdoors. The attacking IPs belong to compromised hosts and websites from service providers around the world.

Submitting abuse reports to Microsoft might be a waste of time

About one and a half months ago I experienced a lot of botnet traffic originating from major cloud providers including Microsoft Azure. Against my better judgment I decided to see if reporting a few bad IPs to the MS CERT team would make a difference.

Drupal 7 sites are still getting hacked and infected with malware

‘Tis the season to be cracking.
In the webhosting business we’re used to seeing an increase in attacks during the holidays, as most people by then are busy with real life. If you’re a cracker though, this is your favorite time of the year.

Is reporting malware just a waste of everybody’s time?

By working in the “web business” I do get my hands on a fair share of malware kits as attackers continuously try to infect any website available with their automated scripts.
