PHP and WP Vulnerabilities?

Forum Moderators: open

Message Too Old, No Replies

PHP and WP Vulnerabilities?

wilderness

6:46 pm on Jul 17, 2016 (gmt 0)

Realize that in most instances, we never never know the reason and/or why of most crawlers/bots.

Are these particular (PHP-WP) pests so successful that they fail to recognize NO (i. e., 403) and persist upon hammering away for every known variation of file name?
Are their rewards (success') when they do gain control over a website (s), so great that they simply persist over and again?
OR, is their bot just hammering away on auto-pilot and than notifying them of an success?

I'm sure there's forums that are devoted to their tactics?
Personally, I'd like to read some of that stuff!
Anybody have a clue?

FWIW, providing links in the open forum is likely not a good idea!
Despite the policy of discouraging sticky mail conversation, that may be the only way to discuss such things without providing source material for future-pests.

not2easy

7:51 pm on Jul 17, 2016 (gmt 0)

Just "hammering away on auto-pilot" is what I see. On most WP sites I work on, I add a captcha to the wp-login file that seems to make them go away. If they get a 403, they just keep on going through their programmed routine from what I've seen in logs. It happens on sites that are not WP also and a 404 does not deter them, though it might take you off their list for the next round. I don't know of any way to make attempts stop.

keyplyr

8:33 pm on Jul 17, 2016 (gmt 0)

For the most part these are coming from compromised accounts at hosting companies. The servers are being droned by a 3rd party so bandwidth is not an issue. I report them to the abuse email listed in the whois.

These are usually one-time events. They seem to be quickly detected (maybe I helped) and the culprit then moves to another account on yet another compromised server.