Hi Gavin,
On Sun, Oct 04, 2015 at 05:28:59PM +0100, Gavin Westwood wrote:
> > It's not known at this stage how the customer's Wordpress was
> > compromised. The site has been disabled.
>
> Was the Wordpress install up-to-date?

I'm afraid I don't know as I only have the information that the
customer gives me and I have limited grounds to insist upon
research.

> While it could have been a weak password or a plugin, it's worth
> knowing whether it could just be because they had an old version with
> a security vulnerability, or whether there might be a currently
> unknown security bug in the latest version.

Probability would always side with a known flaw or simple brute
force attack. The fact that the first thing it seems to have done is
a brute force attack lends weight to itself being caused by brute
force attack, as this is a pattern which is common also to SSH brute
force compromise: first thing they do is get it attacking other
hosts.
Incidentally there is an article here with Wordpress setup tips:
https://tools.bitfolk.com/wiki/WordPress_setup
If anyone thinks it could be improved, please do so.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting