The WordPress Pharmacy Hack

A number of WordPress blogs around the world have been hacked (or cracked, whichever word you prefer) and a "pharmacy" subdirectory have been injected below the WordPress root. I know of these victims at the moment: azin.se benniboedker.dk www.blog-celeo.com www.digitalrights.gr www.toscaninelmondo.org www.vdomck.org www.yerbastory.pl The injected web pages are advertised by fooling Yahoo! search to make… Continue reading The WordPress Pharmacy Hack

Amazon Web Services used for ssh login attempts

I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye: Illegal users from these: 75.101.221.220 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times admin/password: 16 times test/password: 15 times tester/password: 15 times testing/password: 15 times guest/password: 14 times adm/password: 6 times administrator/password: 5 times . . . It… Continue reading Amazon Web Services used for ssh login attempts

Domain-name based ssh login attempts

The last few weeks I have noticed some illicit ssh login attempts that uses parts of the reverse DNS domain name as user name when it tries to login. The last attempt looked like this in my LogWatch summary: Illegal users from these:     195.38.107.55 (aquila.euroexpert.tvnet.hu): 9 times        root/password: 4 times        cenara/password: 2… Continue reading Domain-name based ssh login attempts