‘Fort Disco’ Botnet Behind Attack Campaign Against Thousands Of Sites

“The number of weak passwords is not surprising, as this campaign is clearly a target of opportunity and not focused on a specific target,” Bing says. “This is interesting as it marks a sea change in the tactics of attackers. In addition to drive-by exploits of unpatched Windows machines being the low-hanging fruit, attackers are learning that these blog and content management systems are often vulnerable to trivial attacks.”

via ‘Fort Disco’ Botnet Behind Attack Campaign Against Thousands Of Sites.

Global WordPress Brute Force Flood

As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.

via Global WordPress Brute Force Flood | HostGator Web Hosting Blog | Gator Crossing.

This wordpress blog has been receiving these attacks since around the beginning of the year.   Getting rid of the admin account is a first step and using strong passwords is a second, I chose to just shut down access from the Internet entirely by disabling the wp-admin directory and wp-login.php access in httpd.conf.   That may not be practical for most sites however.  The error logs were getting quiet in the last 3 or 4 weeks and then this week they’re back up to full speed blocking with IPs from ranges all over the place.   It looks like I’m not the only one experiencing this according to here and here.

Update:  From my observations of the logs over these last few months these bots are hitting the sites very patiently, sometimes once an hour thus running under the radar of the security plug ins I tried.

Update II: More links here, here, and from here:

These rules will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration.

This won’t work.  Each IP from these bots may hit you once or twice an hour so any limit login plugin won’t detect them at any rate to ban them.  You can’t stop this on an IP basis.  Since my logs last rotated Sunday morning (almost 6 days ago) I have had 500 different IP addresses hit wp-login.php.  They all have been given 403 Forbidden responses yet they keep coming.


What is this?

Ping-O-Matic is a service to update different search engines that your blog has updated.

Learn more…

We regularly check downstream services to make sure that they’re legit and still work. So while it may appear like we have fewer services, they’re the most important ones.

Make sure to only ping specialized services if they’re relevant to your blog, otherwise you’ll cause an undue burden on them.

via Ping-o-Matic!.

Connecting to an external database from within a WordPress post

Connecting to an external database from within a WordPress post — Tyssen Design.

Hi Phil,

At the top of the post, I included:

and that file looked like:
function runSQL($rsql) {
$dbcnx = @mysql_connect('localhost',$user,$rootpasswd,true);
if (!$dbcnx) {
echo '<p>Unable to connect to the database server at this time.</p>';
mysql_select_db($db, $dbcnx);
$result = mysql_query($rsql) or die ('test');
return $result;

Then to loop through the results:
$sql = "Your SQL statement goes here";
$result = runSQL($sql);
while ($row = mysql_fetch_array($result)) {
Do stuff;


vCita is a new way to interact with website visitors, acquire clients and provide services online. vCita encourages your online audience to approach you, ask for advice and schedule time to talk over video or phone.

via vCita.

This site puts out a wordpress plugin (secure contact form) that uses the resources this outfit has to offer.   Interesting business model.