Hi Jeremy,
I'm afraid not. It is often difficult to get information out of
On Wed, Jan 02, 2013 at 08:05:38PM -0800, Jeremy Kitchen wrote:
> On Sun, Dec 30, 2012 at 08:10:46PM +0000, Andy Smith wrote:
> > It appears that the Wordpress admin's own system was earlier
> > compromised and this opportunity was used to further compromise
> > sites they were known to have access to.
>
> any details about desktop system? (os, version, etc)
my own customers, let alone people associated with them. :(
In case it wasn't clear this was a third party admin user's
credentials that were used, not the admin of the VPS concerned.
I have no information on this. My customer was quite rattled after
> did it feel like a targeted attack or was this just a blanket "windows
> box got owned, oh look there's a wordpress site, and look there's admin
> privs" type of thing?
this and concerned even before this happened about people targeting
their site but back then I could find no compelling evidence that it
wasn't just random scanning.
Likewise now, even though it seems a chain has been followed from
another compromise to attack this site, there is nothing to show me
that it was targeted in any way as opposed to just being
opportunistic. The balance of probability is always against targeted
attacks and in favour of opportunistic compromise, of course
My customer needs to discuss this thoroughly with their user, which
is what I have already advised them. It would be nice for me to know
the outcome of that but it's really none of my business ultimately.
Thanks for the other tips.
Cheers,
Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAlDlGngACgkQIJm2TL8VSQsx7gCgnbElE2jNZWS5dj//7MsFd+Oq
40UAoI9Xd9A2OaD580VCHAqq3MPios6l
=r1XM
-----END PGP SIGNATURE-----
_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users