Hi Jeremy,
On Wed, Jan 02, 2013 at 08:05:38PM -0800, Jeremy Kitchen wrote:
> On Sun, Dec 30, 2012 at 08:10:46PM +0000, Andy Smith wrote:
> > It appears that the Wordpress admin's own system was earlier
> > compromised and this opportunity was used to further compromise
> > sites they were known to have access to.
>
> any details about desktop system? (os, version, etc)
I'm afraid not. It is often difficult to get information out of
my own customers, let alone people associated with them. :(
In case it wasn't clear this was a third party admin user's
credentials that were used, not the admin of the VPS concerned.
> did it feel like a targeted attack or was this just a blanket "windows
> box got owned, oh look there's a wordpress site, and look there's admin
> privs" type of thing?
I have no information on this. My customer was quite rattled after
this and concerned even before this happened about people targeting
their site but back then I could find no compelling evidence that it
wasn't just random scanning.
Likewise now, even though it seems a chain has been followed from
another compromise to attack this site, there is nothing to show me
that it was targeted in any way as opposed to just being
opportunistic. The balance of probability is always against targeted
attacks and in favour of opportunistic compromise, of course.
My customer needs to discuss this thoroughly with their user, which
is what I have already advised them. It would be nice for me to know
the outcome of that but it's really none of my business ultimately.
Thanks for the other tips.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting