[nsp-sec] WordPress hackery.
Scott A. McIntyre
scott at howyagoin.net
Mon Apr 15 16:35:56 EDT 2013
Hello all,
Does anyone have sample data regarding this large WordPress based botnet they'd be willing to share? Of specific interest:
o What other usernames are being brute-forced besides "admin" - if any?
o Do you have any sample POSTs to wp-login.php?
o Anything else in the headers or UAs that might be of use to identify *this* traffic from all the other normal background radiation hitting WordPress for years.
I've seen lists of the passwords being tried passed around, but wasn't sure if it was only for "admin" and all of the WordPress sites I've got access to logs to are limited for access to the login pages anyway...
Thanks,
Scott A. McIntyre
Telstra AS1221
More information about the nsp-security
mailing list