Blog Archives

Wishing For Spam Free Hosting

Are You Wishing For Spam Free Secure Hosting

Do you wish you could host your WordPress blog (self-hosted) where spam wasn’t a problem, where hackers couldn’t damage your site, where your host took effective steps to keep spammers and hackers away from your blog?

Are you fed up with all the spam and hacker attacks from China, the former Soviet states and other notorious regions, and the sharply rising level of cyber-attacks from the Middle East and northern Africa?

Are all the hacking attacks and login attacks from hacked web sites and bad-host web-servers giving you grey hairs?


Massive Number Websites in Botnet

Massive Number of Hacked USA Websites Participate in WordPress Botnet Attack

For the past couple of days we’ve been watching a customer’s WordPress site being attacked by a botnet of websites trying to access site admin with user name “admin” and a variety of simple passwords.

Most of these attacks are coming from USA-based web hosting services. One particular top-level service provider, Provo Unified Layer, stands out above the rest as the most hacked network. Many second-tier providers use Provo Unified Layer infrastructure, including Bluehost and Hostmonster. Of the hosts using Provo Unified Layer infrastructure, Bluehost is ahead of the pack in having hosted sites participating in the botnet. (Read more about Bluehost and the Botnet).


Bork-Edition User Agent

Opera User Agent “Bork-Edition”

Have you seen Bork-edition user agent strings? Wondered what browser uses this string? Maybe you noticed that nearly all traffic to your site with Bork-edition in the user agent string is spam and hacking attempts. User agents with Bork-edition are considered by at least one writer among the top 10 spam bots that must be blocked.

There are several user agents which at first glance look harmless, e.g. the user agent string Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]


Website Down for Visitor Safety

Website Offline after DoS Attack

My Drupal website, graphicline.co.za, remains offline today following yesterday’s JavaScript injection / denial of service attack. I decided to take the site offline to ensure the safety of visitors while I check the site for any malware. My hosting service technicians are also examining the server for any possible faults or configuration problems. Other sites on sub-domains of graphicline.co.za were affected at times, and further disruptions of service are expected.

The DoS (denial of service) attack began in the early hours of January 24, 2012 and continued for nearly 2 hours. During this time thousands of attempts were made to inject JavaScript redirect code into the website (there are too many related entries in the log to count). Although initial inspection showed no successful hack, I felt it prudent to take the site down until certain no malware or other bad stuff had been included.


Botnet Attacks WordPress Website

Apparent Botnet Attacked My WordPress Website

What appeared to be a botnet attacked one of my sites (tech.graphicline.co.za) this morning in a brute-force wp-login attempt from multiple IP addresses. This was the most coordinated attack against any of my sites I’ve experienced. Usually the hacker bots I see use up to 6 IPs in these attacks – 146 IPs is serious stuff…

146 IPs Used in Simultaneous Attack

The IPs listed below are the guilty parties to this brute-force login attack on the site. The main attack started at 05h09 GMT this morning (November 25, 2012) and continued until 05h15 GMT. A second but less intense attack followed, starting from 05h16 GMT and tailing off until ending at 05h43 GMT.


FreeWebMonitoring SiteChecker/0.1

Hacker Bot FreeWebMonitoring SiteChecker/0.1 Pays a Visit

Bad bot “FreeWebMonitoring SiteChecker/0.1 (+http://www.freewebmonitoring.com)” paid a visit to one of my websites yesterday from IP address 184.107.201.242, which belongs to Canadian service provider: Canada Montreal Thst Golf Inc.

The full range of IPs owned by Canada Montreal Thst Golf Inc. is 184.107.0.0 – 184.107.255.255

This bot is not the bot used by freewebmonitoring.com. Their bot is “FreeWebMonitoring SiteChecker/0.2 (+http://www.freewebmonitoring.com/bot.html)”


Honeypot Your Blog

Honeypot Trap for WordPress.com and Blogger

Project Honeypot is a Spammer, Hacker and Mail Harvester monitoring service intended to find and list IP addresses used by people with malicious intentions. Project Honeypot is free to join and provides bloggers with a means to identify these types of visitors. Use the database to check IP addresses for threat level and type of threat, join the movement by installing a honeypot trap on your own sites and blogs, report spambots and other ill-intentioned visitors…

Users of WordPress.com and Blogger.com cannot set up a hosted honeypot trap as we don’t have access to the server; however, we can use a quicklink to assist Project Honeypot in collecting data about spambots, automated dictionary attackers, etc.

Using the honeypot trap will not interfere with your normal comment system; it is solely to catch the bots used by spammers. It will also not prevent bots spamming your own comment forms – that’s for Akismet or however else you choose to limit spam.