We are running WordPress 2.2.3 and Bad Behaviour
Suddenly none of our admins could log on to our wordpress site. It was Bad Behaviour blocking all login attempts - from four completely differen/independent networks. This was very very strange.
I had to ssh in, disable BadBehaviour, and log in to discover lots of these BB log entries:
18.104.22.168 Login Failed: Unknown User "xyz' UNION ALL SELECT 1,2,user_pass,4,5,6,7,8,9,10 FROM wp_users WHERE ID=1 AND IF(LENGTH(user_pass)>31,BENCHMARK(1,MD5(1337)),3)/*"
No THAT does not look like a proper login attempt. What is this? Some software gone wild, or a break-in attempt? And how could that render many networks as sources of suspicious activity?