Well then, dear WordPress lovers and users: the world's largest CMS is suffering yet another wave of attacks, and everything indicates that the component hit hardest is the MySQL database.

See the screenshot below, taken from a blog that at this hour averages 100 simultaneous visitors, while the database shows 300 connections. Who has ever seen such a thing… hehehe

 

[Image: Screen Shot 2014-08-14 at 1.19.44 AM]

Look at the output that `ngrep -q -dlo -W byline port 3306` is returning; this is internal communication, just to give you an idea.

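The traffic seen on port 3306 carried PHP-serialized records with `ip`, `username` and `time` fields. The following is an added example, not code from the original post: it parses records of that shape and summarizes them, assuming each record is one login attempt. The sample data is constructed (documentation IP ranges) and the function names and the `per_ip_limit` parameter are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# One serialized record: a:3:{s:2:"ip";...;s:8:"username";...;s:4:"time";...;}
RECORD = re.compile(
    r'a:3:\{s:2:"ip";s:\d+:"([^"]*)";'
    r's:8:"username";s:\d+:"([^"]*)";'
    r's:4:"time";s:19:"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)";\}'
)

# Constructed sample, cut off at both ends the way a packet capture is.
SAMPLE = (
    'rney";s:4:"time";s:19:"2013-06-30 03:00:39";}'
    'i:1;a:3:{s:2:"ip";s:9:"192.0.2.1";s:8:"username";s:5:"admin";s:4:"time";s:19:"2013-06-30 03:00:42";}'
    'i:2;a:3:{s:2:"ip";s:12:"198.51.100.7";s:8:"username";s:13:"administrator";s:4:"time";s:19:"2013-06-30 03:00:43";}'
    'i:3;a:3:{s:2:"ip";s:11:"203.0.113.9";s:8:"username";s:5:"admin";s:4:"time";s:19:"2013-06-30 03:00:45";}'
    'i:4;a:3:{s:2:"ip";s:10:"192.0.2.44";s:8:"username";s:7:"meusite";s:4:"time";s:19:"2013-06-30 03:00:47";}'
    'i:5;a:3:{s:2:"ip";s:9:"192.0.2.1";s:8:"username";s:5:"admin";s:4:"time";s:19:"2013-06-30 03:01:12";}'
    'i:6;a:3:{s:2:"ip";s:12:"198.51.100.8";s:8:"username";s:5:"admin";s:4:"time";s:19:"2013-06-30'
)

def parse_attempts(blob):
    """Return (ip, username, datetime) tuples; cut-off records are skipped."""
    # Blog and chat renderers turn straight quotes into typographic ones.
    blob = blob.translate({0x201C: '"', 0x201D: '"', 0x2033: '"'})
    return [(ip, user, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
            for ip, user, ts in RECORD.findall(blob)]

def summarize(blob, per_ip_limit=3):
    """Summarize attempts; per_ip_limit is a hypothetical per-IP lockout threshold."""
    attempts = parse_attempts(blob)
    if not attempts:
        return None
    per_ip = Counter(ip for ip, _, _ in attempts)
    times = [t for _, _, t in attempts]
    span = (max(times) - min(times)).total_seconds() or 1.0
    return {
        "attempts": len(attempts),
        "distinct_ips": len(per_ip),
        "by_username": Counter(user for _, user, _ in attempts),
        "per_minute": len(attempts) * 60 / span,
        # Sources that a per-IP lockout with this limit would actually catch.
        "ips_at_limit": sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When `distinct_ips` is close to `attempts` and `ips_at_limit` is empty, the attempts are spread across many sources and a per-IP lockout alone will not slow them down.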

Notice: Coruja de TI is not being affected by this attack, since we have CloudProxy configured as a frontend.

The attack, successful so far, is being carried out against a blog running the latest version of WordPress with all of its plugins up to date.

The problem is very similar to the one described a few days ago involving xmlrpc.php, for which one of the possible solutions is removing the file. On this blog, that removal was implemented.

It is 1:28 AM; more information and logs are being collected for later analysis and possible tests, with the goal of mitigating the problem.

Plugins, caches and uploads have already been removed, but the problem persists.

It is because of these and other attacks that I advocate investing in contracting security solutions focused on WordPress, such as CloudProxy and CloudFlare.

I will publish more information as soon as I finish the analysis.