Earlier this week I discovered an interesting Outlook.com phishing mail that had been caught by the anti-spam measures we deploy for our e-mail customers. Well, to be fair, the phishing attack itself was not anything new or sophisticated, but the choice of hosting provider was rather interesting.
Last week I noticed yet another ongoing brute-force attack against our managed WordPress hosting. The botnet is very low key and each bot connects on average only once per day. Up until now, I’ve collected in the ballpark of 3100 unique bots.
Like everyone else with an email address, I’ve been receiving these bitcoin extortion messages for months. I’ve also observed with ever greater dissatisfaction as scammers raked in tens of bitcoins within a week. What especially annoys me is not so much that people are falling for this scam, but that email service providers are simply looking the other way.
After the GhostProject started offering access to 1.4 billion credentials in the form of usernames with clear text passwords, I’ve seen an expected increase in attacks against customers e-mail accounts.
In the last two weeks I’ve seen a steady increase of bots trying to exploit a remote command execution flaw on D-Link routers. The majority of the attacks are originating from IP blocks belonging to Telecom Egypt Data.
So today I’ve experienced a more significant than usual attack against WordPress installations hosted on one of our company servers. So far I’ve blocked more than
17000 21000 unique IP addresses, but the attackers seem to have an endless supply and they’re not slowing down. Note: This article was updated on January 27, 2018.
I’ve received a few hundred requests originating from bots setting site.ru as their referrer. These attacks are scanning for compromised WordPress installations and PHP based shells and backdoors. The attacking IP’s belong to compromised hosts and websites from service providers around the world.
About one and a half months ago I experienced a lot of botnet traffic originating from major cloud providers including Microsoft Azure. Against my better judgment I decided to see if reporting a few bad IP’s to the MS CERT team would make a difference.
‘Tis the season to be cracking.
In the webhosting business we’re used to seeing an increase in attacks during the holidays, as most people by then are busy with real life. If you’re a cracker though, this is your favorite time of the year.