WordPress Under Attack


There’s a headline tonight on ArsTechnica, the technology blog:

Huge attack on WordPress sites could spawn never-before-seen super botnet

This site runs on WordPress. So do all the other sites I build. Obviously, a scary headline.

Scary for ArsTechnica too. Their site is also built on WordPress.

This is pretty wicked stuff. It’s called a brute force attack because password after password is sent to the default “admin” account. The attackers are looking for sites protected with commonly used passwords.

Most of my sites don’t use “admin.” I’ll try and harden the rest this weekend. It’s a pretty simple change.

None of my sites use dictionary words for their password. This attack won’t work on me.

ArsTechnica speculates the huge bandwidth available through websites running WordPress could make these compromised machines the most powerful botnet ever seen!

This is like science fiction. Except it’s real.
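A defender's view of the brute force attack described above, as an added example that is not part of the original post: a short script that scans a web server access log for repeated failed WordPress logins. It assumes Apache-style log lines, the standard login form at /wp-login.php, and that a failed login is answered with status 200 while a successful one redirects with 302. The thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# ip, timestamp, method, path, status from an Apache-style access log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (ip, minute) for each POST to /wp-login.php answered with 200.
    Assumption: 200 means the form was re-shown (bad password), 302 means success."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == "200":
            yield ip, ts[:17]  # truncate to dd/Mon/yyyy:HH:MM

def detect(log_text, per_ip_limit=5, distinct_ip_limit=4):
    """Return (noisy_ips, distributed_minutes).
    noisy_ips: single addresses hammering the login form.
    distributed_minutes: minutes in which many different addresses each failed,
    the pattern a botnet produces when every bot sends only a few guesses."""
    per_ip = Counter()
    ips_by_minute = defaultdict(set)
    for ip, minute in failed_logins(log_text):
        per_ip[ip] += 1
        ips_by_minute[minute].add(ip)
    noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    distributed = sorted(m for m, ips in ips_by_minute.items()
                         if len(ips) >= distinct_ip_limit)
    return noisy, distributed

def _line(ip, hhmmss, method, status):
    # Builds one constructed log line (documentation-range IPs, not real traffic).
    return (f'{ip} - - [12/Apr/2013:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3120')

SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", f"21:00:{s:02d}", "POST", 200) for s in range(6)]      # one noisy host
    + [_line(f"203.0.113.{i}", "21:05:10", "POST", 200) for i in range(1, 5)]    # many hosts, one try each
    + [_line("192.0.2.10", "21:06:00", "GET", 200),                              # owner loads the form
       _line("192.0.2.10", "21:06:05", "POST", 302)]                             # owner logs in
)

if __name__ == "__main__":
    noisy, distributed = detect(SAMPLE_LOG)
    print("Addresses with repeated failures:", noisy)
    print("Minutes with failures from many addresses:", distributed)
```

The per-minute check matters because counting failures per address alone misses the second group in the sample, where each address fails only once.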

The New Spam: Hello – How Are You?

This is a test for sure. But what’s being tested? I have no clue.

Right now my email spam folder has nine emails unlike all the others. Though each claims to be from a different sender they’re all exactly alike. The subject is “hello” and the body is “how are you?” That’s it.

Like most spam its lineage is questionable. All the addresses are forgeries.

I opened a few to check the routing information. The first originated in Brazil. Another came from India. I suspect each of these spams comes from a different source. More than likely this is a botnet at work.

Someone has gone to a lot of trouble, but why? Seriously–this spam accomplishes nothing. There is no ad nor any payload (like a virus). Because most of the addressing info is forged these spams can’t report back on what they find.

These “hello – how are you?” messages are one of two coordinated spam waves I’m currently seeing. The other contains snippets from various news stories run together into a large paragraph of unrelated sentences! Again it’s totally worthless to the spammer with no useful payload though it certainly requires a lot of resources.

Are you getting these too? I’d like to know.

Because so many of you are curious I’m including the source from one after the jump. The email was sent to a seemingly random, non-existent mailbox at geofffox.com. As with all my email it is then forwarded to a catch all box at Gmail.

Here Comes The Spam

Since the blog has been up with WordPress (under 24 hours and only now beginning to be seen by Google) I’ve gotten 46 comments. 41 were spam!

While setting up this new iteration of the blog I made a decision–all my older entries would again be open for comments. A few years ago, faced with a plethora of blog spam, comments were shut off after a week or two.

You know what spam is, but blog spam? It’s much more insidious!

Did you create your own blog or did a program do it? Could you please respond? 18 – Leila Caracci

Looks harmless, right? Except Leila’s email address says she’s GailWoolfolk@aol.com. There’s more.

My blog’s comment form allows you to enter a website address. Leila/Gail has attached MLBH0TD0G.TK (I have sanitized the site by substituting zeros). There lies the rub.

If that comment had gotten posted, accompanied by that URL, the named website would get a little rub of my Google glory. It would rank a tiny bit higher in searches. Multiply that by hundreds or thousands of sites and the effect can become enormous.

I would have spotted this on my own, but WordPress comes with Akismet, a filter which performs the job silently and very well.

This blog is great. How did you come up witht he idea? 6 3 4

That’s another one appealing to my ego. Notice the random numbers at the end to try and throw off filtering. It didn’t work.

Great site! Your writing is so fresh compared to most other bloggers. Thanks for writing when you get the chance to, I’ll be sure to keep visiting!

That’s another with a non-matching email/name combo. The linked website soft sells French Press coffee makers with an affiliate link to Amazon. These folks are resourceful.

Any time anyone has something of value, others want a piece of it, like my Google karma. What the Internet does is make tiny inconsequential pieces easy to aggregate. I would guess getting many Geoffs to post your URL produces significant income for little effort!

As long as Akismet holds its ground I’ll keep everything open. I am only marginally optimistic.