[OPLINTECH] DOS-like attacks
Karl Jendretzky
jendreka at oplin.org
Fri Aug 8 11:31:10 EDT 2014
Yeah, being such a large target has always been one of the major drawbacks of using mainstream CMS software. Drupal just released an update for a very similar issue this week:
https://www.drupal.org/SA-CORE-2014-004
On the upside, I'd say it's unlikely you were directly targeted. The various OPLIN server logs show friendly little bots poking us all day long, looking for odd files that usually don't exist, trying to determine the version of code we're running and deciding if it should launch a known automated exploit against us.
My opinion is that updates for things like WordPress, Joomla, Drupal, etc. are hands down more important than even Windows updates.
Karl Jendretzky
Technology Manager
Ohio Public Library Information Network
jendreka at oplin.org
(614) 728-1515
----- Original Message -----
From: "Daniel Nixon" <nixonrd at oplin.org>
To: oplintech at lists.oplin.org
Sent: Friday, August 8, 2014 11:12:30 AM
Subject: [OPLINTECH] DOS-like attacks
For many months I have been troubleshooting webserver issues of the lockup variety. Error logs sent me in several different directions until it all came together. In this case a Netherlands IP was the culprit. I also found one Ukrainian from an earlier log and, of course, the crawlers from Palo Alto.
I'd always thought little ole libraries like us were below the radar when it came to hackers. Not so. In our case our WordPress was getting pounded on a particular PHP file used to link comments from blogs to blogs (XMLRPC). The intruder kept hitting the door to get in via the XMLRPC hole, effectively locking up the server as it tried to respond to the repeated requests.
Eventually looking in the right place, I found the trouble, a cure and, coincidentally, WordPress released a security update just one day earlier. All applied and seem to be holding - so far.
I pass it along FWIW.
Dan
--
Daniel Nixon
Wilmington Public Library of Clinton County
268 N. South St., Wilmington, OH 45177
937-382-2417 x25
_______________________________________________
OPLINTECH mailing list
OPLINTECH at lists.oplin.org
http://lists.oplin.org/mailman/listinfo/oplintech
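Added example, not part of either message above: a small access-log triage that surfaces the two patterns described in the thread, repeated POSTs to xmlrpc.php from one client and clients requesting files that don't exist. It assumes Apache/nginx Combined Log Format; the thresholds, sample addresses (documentation ranges) and paths are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage(lines, xmlrpc_limit=3, probe_limit=3):
    """Return (hammering, probing): clients at or over each (assumed) threshold."""
    xmlrpc_posts = Counter()   # ip -> number of POSTs to xmlrpc.php
    missing = {}               # ip -> set of distinct paths that returned 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # skip lines that are not in the expected format
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]   # ignore any query string
        if m["method"] == "POST" and path.endswith("/xmlrpc.php"):
            xmlrpc_posts[ip] += 1
        if m["status"] == "404":
            missing.setdefault(ip, set()).add(path)
    hammering = {ip: n for ip, n in xmlrpc_posts.items() if n >= xmlrpc_limit}
    probing = {ip: sorted(p) for ip, p in missing.items() if len(p) >= probe_limit}
    return hammering, probing

def _line(ip, method, path, status):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [08/Aug/2014:10:00:00 -0400] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: one client hammering xmlrpc.php, one probing for
# nonexistent files, one ordinary visitor.
SAMPLE = (
    [_line("192.0.2.10", "POST", "/xmlrpc.php", 200)] * 5
    + [_line("198.51.100.7", "GET", p, 404)
       for p in ("/backup.zip", "/old-site/", "/test.php")]
    + [_line("203.0.113.5", "GET", "/", 200),
       _line("203.0.113.5", "POST", "/xmlrpc.php", 200)]
)

if __name__ == "__main__":
    hammering, probing = triage(SAMPLE)
    print("xmlrpc.php POST volume:", hammering)
    print("404 probing:", probing)
```

To use it on a real server, pass an open log file as `lines` and raise the thresholds to match normal traffic for the site.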