A Closer Look At Brute Force Attacks Against WP Sites


Perhaps one of the easiest attacks to perform on a WordPress based website is a brute force attack. Sucuri took the time to create a few different honeypots and monitored WP-Login.php to track the various IP addresses as well as the passwords used to break into the site. Their list of passwords attempted is no Read More

The Daily Plugin for 07-17-2013


We start early in the morning every day. Like the farmer extracting fresh eggs from his trusted hens, we’re up at the crack of dawn to examine the quality of each new plugin submitted to the WordPress Plugin Repository. Some are Grade A Extra Large, some are just a cracked shell with nothing inside. Either Read More

Dropbox And WordPress.com – Infrastructure For Malware Attacks


Network security is one of those things in life I find fascinating. It’s a constant battle between good and evil. Just when the good guys think they have things figured out, the bad guys change their techniques. With all of the good that comes from using Cloud based services, there is also the other side Read More

Raw Look At The Trackback Attack


Now that I’ve weathered the storm and the attacks have subsided for now, I think it would be good to share with you what my raw access log files looked like during that day to see the distributed denial of service in action. Thanks to Kim Parsell, I was able to rename the raw access Read More

Woopra 1.4 Released


Woopra Client 1.4 has been released to the public after a few months of beta testing. This new version includes a number of new features and enhancements. For instance, Woopra users now have the ability to embed a chat widget onto their site that enables inbound chatting whereas before, it was only outbound. Notifications have Read More