I don’t come into contact with this kind of software that much, but when I do it nearly always puts a smile on my face – like it did recently: as I looked at my webstats today I noticed that I had again forgotten to harden my WordPress against those poor people who got hijacked into taking part in massive botnet brute-force attacks. “Harden” simply means renaming wp-login.php to something else and putting an empty file with that name in its place.
That’s no reason to write a blog post – the fun fact in this story is that the number of attackers on wp-login.php corresponds exactly to an unusually high number of connections from a certain operating system:
1 | 25975 | Mozilla/5.0 (Windows NT 6.3; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 |
I don’t have to mention that there’s no browser involved in these attacks; they are carried out by scripts running as “services” in the background, connecting through curl and the like. So the important information in this entry is the operating system used:
Windows NT 6.3
A closer look at the wiki reveals its commonly known name: “Windows 8.1, Windows 8.1 Pro, Windows 8.1 Enterprise, Windows RT 8.1”
So either those script kiddies have a good sense of humor (which I bet is the case) or the brand new (bugfix-)Windows is a bigger fail than anyone expected (which is also the case).
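The correlation described above can be checked directly against a raw access log. The following is an added example, not part of the original post: it assumes the Apache/nginx combined log format, the sample log lines are constructed, and the function names and thresholds are illustrative assumptions.

```python
import re
from collections import Counter

# Assumed format: ip - user [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def login_hits_by_agent(lines, target="/wp-login.php"):
    """Map each user agent that hit `target` to (login_hits, total_hits, distinct_ips)."""
    total, login, ips = Counter(), Counter(), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ua = m["ua"]
        total[ua] += 1
        if m["path"].split("?", 1)[0] == target:  # ignore any query string
            login[ua] += 1
            ips.setdefault(ua, set()).add(m["ip"])
    return {ua: (login[ua], total[ua], len(ips[ua])) for ua in login}

def suspicious_agents(stats, min_hits=3, min_ratio=0.9):
    """User agents whose traffic is almost only login requests (thresholds are assumptions)."""
    flagged = [ua for ua, (hits, total, _) in stats.items()
               if hits >= min_hits and hits / total >= min_ratio]
    return sorted(flagged, key=lambda ua: -stats[ua][0])

# Constructed sample data (documentation IP ranges). BOT_UA is the string quoted in the post.
BOT_UA = "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0"
USER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0"

def _line(ip, request, ua):
    return f'{ip} - - [27/Jan/2014:10:00:00 +0100] "{request} HTTP/1.1" 200 512 "-" "{ua}"'

SAMPLE_LOG = [
    _line("192.0.2.10", "POST /wp-login.php", BOT_UA),
    _line("198.51.100.7", "POST /wp-login.php", BOT_UA),
    _line("203.0.113.5", "POST /wp-login.php", BOT_UA),
    _line("192.0.2.10", "POST /wp-login.php", BOT_UA),
    _line("192.0.2.44", "GET /", USER_UA),
    _line("192.0.2.44", "GET /wp-login.php?action=lostpassword", USER_UA),
    "a line that is not in combined log format",
]

if __name__ == "__main__":
    stats = login_hits_by_agent(SAMPLE_LOG)
    for ua in suspicious_agents(stats):
        print(stats[ua], ua)
```

A user agent that requests almost nothing but wp-login.php, from many different addresses, is the pattern the stats entry above shows; a real browser also fetches pages, stylesheets and images.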
This article was published Monday, 27 January 2014 @ 16:15.