Comments on: Something fishy about all of this… http://warbrain.wordpress.com/2007/11/20/something-fishy-about-all-of-this/ Like tech? Like Apple? So do I. Tue, 02 Sep 2008 13:47:36 +0000 http://wordpress.com/ hourly 1 By: Matt http://warbrain.wordpress.com/2007/11/20/something-fishy-about-all-of-this/#comment-946 Matt Wed, 28 Nov 2007 02:26:45 +0000 http://warbrain.wordpress.com/2007/11/20/something-fishy-about-all-of-this/#comment-946 As someone who runs numerous high profile sites, really everyone either runs through another compromised server, or somewhere out of the netherlands (go figure). I've tried getting some of the other compromised machines shut down and I never hear back from the abuse departments of those netblocks. Any more I don't even bother. As someone who runs numerous high profile sites, really everyone either runs through another compromised server, or somewhere out of the netherlands (go figure). I’ve tried getting some of the other compromised machines shut down and I never hear back from the abuse departments of those netblocks. Any more I don’t even bother.

]]> By: nfreader http://warbrain.wordpress.com/2007/11/20/something-fishy-about-all-of-this/#comment-945 nfreader Wed, 21 Nov 2007 03:03:13 +0000 http://warbrain.wordpress.com/2007/11/20/something-fishy-about-all-of-this/#comment-945 I hate to break it to you but I think you're wrong. None of this is staged. IPs are hard to track. You've gotta know what you're looking for. This guy's new but he's not stupid. In all likelihood, he's using a proxy to get at wp-admin.php. Even if someone found the IP of the proxy he's using, there are thousands of proxies out there that he can use. Blocking them all is impossible. As for investigating it, that's rather difficult. I know that my webhost control panel isn't that great at tracking IPs and I bet the ones used on GW and MA aren't either (mine only records the last 300 visitors). Seeing as how the the vulnerabilities were found in Wordpress and not with the site itself, I doubt any host or ISP would launch such an investigation. There's no place to start. Of course, I'm not an expert or anything, so take all of this with a grain of salt. I hate to break it to you but I think you’re wrong. None of this is staged.

IPs are hard to track. You’ve gotta know what you’re looking for. This guy’s new but he’s not stupid. In all likelihood, he’s using a proxy to get at wp-admin.php. Even if someone found the IP of the proxy he’s using, there are thousands of proxies out there that he can use. Blocking them all is impossible.

As for investigating it, that’s rather difficult. I know that my webhost control panel isn’t that great at tracking IPs and I bet the ones used on GW and MA aren’t either (mine only records the last 300 visitors). Seeing as how the the vulnerabilities were found in WordPress and not with the site itself, I doubt any host or ISP would launch such an investigation. There’s no place to start.

Of course, I’m not an expert or anything, so take all of this with a grain of salt.

]]>