
Suspicious activity

Discussion in 'BlackHat Lounge' started by Musudan, Apr 23, 2015.

  1. Musudan

    Musudan Newbie

    Joined:
    Oct 14, 2014
    Messages:
    19
    Likes Received:
    4
    Hey, I'm trying to build my first website. I've installed the Wordfence plugin and the next day I noticed some weird activity when I checked Live Activity from WF; they're all crawlers (0 humans).

    I only have 2 posts atm and am using the WP Construction Mode plugin so nothing is visible. I need to know if this activity is normal.

    Thanks for reply.

    Capture.PNG Capture1.PNG Capture3.PNG Capture4.PNG
     
  2. AutomationSorcerer

    AutomationSorcerer Registered Member

    Joined:
    Apr 25, 2015
    Messages:
    73
    Likes Received:
    66
    Occupation:
    Senior Software Engineer
    Location:
    Ethereal Plane
    Looks like people scanning your website for vulnerabilities; they probably found it through some arbitrary Google search specific to the web CMS you have installed.

    Back in the day, whenever phpBB would have a vulnerability, you'd have mass defacings from people just googling for every phpBB site out there and running the exploit. There was a security camera at one point with a remote viewer using the HTTP protocol; you could find random people's security cameras with a specific search term in Google and just go creepy stalker mode on random people.

    Same thing happens if you lease a dedicated server and install SQL Server on the default port, open to the public. You'll get 1000 login attempts an hour for sa, from random IPs all over the place. I usually change to a different port to prevent the security audit log from filling up.
     
  3. xNotch

    xNotch Registered Member

    Joined:
    Sep 16, 2014
    Messages:
    81
    Likes Received:
    19
    When you have something running on the internet, you're going to be hit multiple times a day by random scripts trying to find vulnerabilities in your site. This is kind of just how things are. You should only be worried about these sorts of things if they succeed. So make sure you keep a close eye on those logs.

    There's a whole search engine devoted to finding random stuff people have decided to connect to the internet called Shodan.
     
    • Thanks x 1
  4. AutomationSorcerer

    AutomationSorcerer Registered Member

    Joined:
    Apr 25, 2015
    Messages:
    73
    Likes Received:
    66
    Occupation:
    Senior Software Engineer
    Location:
    Ethereal Plane
    Hah! Shodan is freaking brilliant. I'm definitely bookmarking this.
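
The log check xNotch describes (ignore background scanning, look for probes that succeeded), as an added example that is not part of the thread. It assumes an Apache/nginx "combined" access log and stock WordPress behaviour (a failed `wp-login.php` POST returns 200, a successful one redirects with 302); the `triage` function, its threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Apr/2015:10:00:01 +0000] "GET /old/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Apr/2015:10:00:02 +0000] "GET /test/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Apr/2015:10:00:03 +0000] "GET /backup/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Apr/2015:11:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2400 "-" "curl/7.40"
198.51.100.9 - - [23/Apr/2015:11:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2400 "-" "curl/7.40"
198.51.100.9 - - [23/Apr/2015:11:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/7.40"
192.0.2.10 - - [23/Apr/2015:12:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [23/Apr/2015:12:30:00 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def triage(log_text, min_404=3):
    """Return {ip: 'noise' | 'investigate'} for IPs that look like scanners."""
    stats = defaultdict(lambda: {"not_found": 0, "login_fail": 0, "login_ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        status = int(m["status"])
        path = m["path"].split("?", 1)[0]
        if status == 404:
            s["not_found"] += 1
        elif m["method"] == "POST" and path.endswith("/wp-login.php"):
            # Assumption: stock WordPress, 200 = rejected login, 302 = accepted.
            if status == 302:
                s["login_ok"] += 1
            elif status == 200:
                s["login_fail"] += 1
    report = {}
    for ip, s in stats.items():
        scanning = s["login_fail"] > 0 or s["not_found"] >= min_404
        if scanning and s["login_ok"]:
            report[ip] = "investigate"  # guessing followed by an accepted login
        elif scanning:
            report[ip] = "noise"        # probes that got nowhere
    return report

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, verdict)
```

An IP that only logs in successfully, or that hits a single missing file, is left out of the report; only an accepted login preceded by failed attempts or a burst of 404s is raised for investigation.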