Support » Everything else WordPress » Suspicious login attempts & all admins locked out

  • We are running WordPress 2.2.3 and Bad Behaviour

    Suddenly none of our admins could log on to our wordpress site. It was Bad Behaviour blocking all login attempts – from four completely differen/independent networks. This was very very strange.

    I had to ssh in, disable BadBehaviour, and log in to discover lots of these BB log entries:

    77.70.106.72 Login Failed: Unknown User “xyz’ UNION ALL SELECT 1,2,user_pass,4,5,6,7,8,9,10 FROM wp_users WHERE ID=1 AND IF(LENGTH(user_pass)>31,BENCHMARK(1,MD5(1337)),3)/*”

    No THAT does not look like a proper login attempt. What is this? Some software gone wild, or a break-in attempt? And how could that render many networks as sources of suspicious activity?

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suspicious login attempts & all admins locked out’ is closed to new replies.