| « Search Engine Purgatory | Is Your Business Phone Number Correct? » |
There Is A New BotNet In Town
01/21/18
There Is A New BotNet In Town.
There is a new botnet in town and it may be coming for you.
I have been noticing in my server logs for the past month or so a tremendous amount of hits coming for the same files and folders.
Files and folders that do not exist on my servers and the hits do not come from the same IP or country. I am concluding this is the work of a botnet.
It appears a botnet has been activated and it appears to be searching for and attempting to exploit WordPress blogs and sites.
Follow up:
Expample:
/wp-content/plugins/formcraft/file-upload/server/content/upload.php
/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
/wp-content/plugins/dzs-portfolio/admin/upload.php
/wp-admin/admin-ajax.php
These are POST requests pulled from my server log files.
Notice they are attempting to access WordPress files and folders (WP-).
I don't use wordpress so these exploit attempts are wasted on my sites, but while they are not successful they do use resources. A server must respond to every request, even ones it cannot successfully service, that response, however small, is a use of the servers processing power. Processing that should be going to legitimate visitors to your website.
This does not appear to be a DDoS attack as the bots are hitting the sites slower and attempting to post to a file or folder. What I have seen from logs shows about 9 - 15 hits in a 15 second span of time. It appears to be more exploitative than Denial of Service.
Botnets are like ants, one or two may be annoying, and even painful if they bite, but overall, not that harmful. Ants do not come in ones and twos, ants come by the thousands and that is when they are destructive and deadly. Botnets are like ants, they come by the thousands, hundreds of thousands and possibly the millions, and that is how they gain power and become destructive.
A botnet is made up of infected computers; the owner is usually completely unaware they are infected. Infect enough computers and have them carry out requests and exploits at the same time, against the same site or server and suddenly it becomes overwhelming and could shut down the server or site.
So what is going on here? If this is not a Denial of Service attack, is it a widespread attempt to hack, infect or gain control of all WordPress blogs?
Is this the work of The Reaper bot net?
What do you think? Webmasters, are you seeing this too?
Like Computer Care on FaceBook
Follow us on Twitter
computer Care on Pinterest
computer Care on instagram
Visit the Computer Care Catalog Online for all your part needs.
Bookmark this article at
No feedback yet
Comment feed for this postLeave a comment
