Suspicious login attempts & all admins locked out
We are running WordPress 2.2.3 and Bad Behaviour
Suddenly none of our admins could log on to our wordpress site. It was Bad Behaviour blocking all login attempts – from four completely differen/independent networks. This was very very strange.
I had to ssh in, disable BadBehaviour, and log in to discover lots of these BB log entries:
126.96.36.199 Login Failed: Unknown User “xyz’ UNION ALL SELECT 1,2,user_pass,4,5,6,7,8,9,10 FROM wp_users WHERE ID=1 AND IF(LENGTH(user_pass)>31,BENCHMARK(1,MD5(1337)),3)/*”
No THAT does not look like a proper login attempt. What is this? Some software gone wild, or a break-in attempt? And how could that render many networks as sources of suspicious activity?
- The topic ‘Suspicious login attempts & all admins locked out’ is closed to new replies.