Suspicious login attempts & all admins locked out (4 posts)

  1. LostInNetwork
    Posted 7 years ago #

    We are running WordPress 2.2.3 and Bad Behaviour

    Suddenly none of our admins could log on to our wordpress site. It was Bad Behaviour blocking all login attempts - from four completely differen/independent networks. This was very very strange.

    I had to ssh in, disable BadBehaviour, and log in to discover lots of these BB log entries: Login Failed: Unknown User "xyz' UNION ALL SELECT 1,2,user_pass,4,5,6,7,8,9,10 FROM wp_users WHERE ID=1 AND IF(LENGTH(user_pass)>31,BENCHMARK(1,MD5(1337)),3)/*"

    No THAT does not look like a proper login attempt. What is this? Some software gone wild, or a break-in attempt? And how could that render many networks as sources of suspicious activity?

  2. LostInNetwork
    Posted 7 years ago #

    Oh shit. It's on milw0rm
    Exploit 3656

    We're safe, but... Has anyone else had BadBehaviour locking you out? Why?

  3. theapparatus
    Posted 7 years ago #

    I do hope you saw the sticky about Bad Behavior at the head of the forums and really didn't ask that question. ;)

    edit: Upgrade your version of BB as there was an issue with a previous version.

  4. LostInNetwork
    Posted 7 years ago #


Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.