I've been hacked, or not?
Shachar Shemesh
shachar at shemesh.biz
Mon Apr 13 20:11:57 IDT 2015
On 13/04/15 19:34, Shachar Shemesh wrote:
>
> What I'd really like to do is take such a process that I know is
> hanging on connection to the web site, and find out which request it
> thinks it is serving.
>
I love this mailing list :-)
No sooner had I sent this message, I knew how to figure out what was
going on. I ran a tcpdump on both incoming and outgoing requests, and
managed to locate record the actual attack. It turns out that there is a
denial of service (phew! No need to reinstall the server) in wordpress
(yes, I've upgraded to the latest version after the last time my server
died).
I've reported it to the wordpress security team, along with network
dumps. I'm hopeful it will be fixed soon, making us all safer. Following
their recommendation, I'm not disclosing any more details at this point
in time.
Shachar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20150413/7db5046a/attachment.html>
More information about the Linux-il
mailing list