November 21, 2009 by vito
A botnet attack on http://vito.ho.ua was indicated today from one of the Verizon IP addresses.
Multiple scan and injection attempts against the http://vito.ho.ua site, from a botnet bot or scanner tool, were happening tonight.
It seems that this was a relatively advanced botnet, as there were signs of scanning
for multiple popular web CMS vulnerabilities:
- content/wp-admin for WordPress
- templates/subSilver/subSilver.cfg for phpBB
- update.php for Drupal
etc.
I've taken countermeasures and sent a report to security@verizon.net; waiting for some response now.
I also checked a number of IP blacklisting modules for Drupal and found some weaknesses, and the best solution IMHO.
See the review of IP blacklisting modules for Drupal soon :)
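An added example, not part of the original post: one way to spot this kind of multi-CMS scanning in a web server access log is to group requests by client IP and flag any client that asks for probe paths belonging to two or more different CMSes. The log lines below are constructed (documentation IP ranges, combined log format assumed), and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Probe paths named in the post, keyed by the CMS each one targets.
PROBES = {
    "wordpress": "content/wp-admin",
    "phpbb": "templates/subSilver/subSilver.cfg",
    "drupal": "update.php",
}

# Assumed "combined" log format: client IP, two fields, [time], "METHOD path ...", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" (\d{3})')

def find_cms_scanners(lines, min_families=2):
    """Return {ip: sorted CMS families probed} for clients hitting >= min_families."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed or truncated lines
        ip, path, _status = m.groups()
        path = path.split("?", 1)[0].lower()  # drop query string, compare case-insensitively
        for family, marker in PROBES.items():
            if marker.lower() in path:
                seen[ip].add(family)
    # A single family is not enough: on a Drupal site, update.php alone may be
    # the administrator. Probing several unrelated CMSes is the scanner signal.
    return {ip: sorted(f) for ip, f in seen.items() if len(f) >= min_families}

# Constructed sample log, not taken from the real incident.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Nov/2009:22:01:03 +0000] "GET /content/wp-admin/ HTTP/1.1" 404 209',
    '192.0.2.10 - - [21/Nov/2009:22:01:04 +0000] "GET /forum/templates/subSilver/subSilver.cfg HTTP/1.1" 404 209',
    '192.0.2.10 - - [21/Nov/2009:22:01:05 +0000] "GET /update.php?op=info HTTP/1.1" 403 199',
    '198.51.100.7 - - [21/Nov/2009:22:02:00 +0000] "GET /update.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Nov/2009:22:02:09 +0000] "GET /node/1 HTTP/1.1" 200 4096',
    'not a log line',
]

if __name__ == "__main__":
    for ip, families in find_cms_scanners(SAMPLE_LOG).items():
        print(ip, "probed:", ", ".join(families))
```

The flagged addresses are candidates for the abuse report and for whichever IP blacklisting module ends up in use.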