Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > Last few days: spike in exploited attacks?


Last few days: spike in exploited attacks?




Posted by Zeno McDohl, 12-24-2012, 12:19 PM
Has anyone experienced a spike in attacks on websites in the last few days? I just noticed a site on a server under a reseller was exploited and this is now the page: Googling around seems this is very common but I can't tell if this is recent. I don't seem to find a similarity; some sites were Wordpress, others were Joomla and some a secure version of Mambo. Any thoughts? I've already locked down sites I have control over.
Posted by quicktech, 12-24-2012, 12:24 PM
Attacks like this is very common - happens every day. Why do you assume there should be any trend over the last couple of days? Have you seen a vast increase in the number of attacks to your servers in this period or is this one site your only point of reference? If the latter: Take it easy, its normal. Just restore the site and patch its security holes
Posted by Zeno McDohl, 12-24-2012, 12:46 PM
I've never seen this many at once, a reseller informed me at least 10 of their sites had this same issue. It just strikes me as odd, since they are all different platforms. I checked over the logs of 1 so far, and all I see is the attacker simply logging into the backend of WP with no failed attempts. I don't do WP at all though, the reseller manages those sites... so I'm not familiar with it.
Posted by Snoork Hosting, 12-25-2012, 12:05 AM
I would advise getting some security in place on the server such as adding Mod Security to regent web attacks, SQL injections, cross site scripting, etc... Also you may want to scan the server with ConfigServer Exploit Scanner to see if there are any real vulnerabilities uploaded inside the server. Also make sure that WordPress blogs and plugins are always up to date to prevent any hacking attempts.
Posted by brianoz, 12-25-2012, 02:44 AM
if you're getting a lot on your server at once, best check you haven't been root compromised, that you're running suphp or something that runs user PHP as different users, and that you've fixed the symlink exploit.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
How can I raid 0 two hard drives in a windows 2008 r2 dedicated server? (sysrcd) (Views: 755)
Essential Software / Rescources (Views: 729)
Serverselect.net screwed me up. (Views: 697)
GNAX Down? JaguarPC entire network down? (Views: 789)
Hosting packages (Views: 737)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.