muieblackcat

**lassie** · 03-11-2012, 01:15 PM

I have a website that has occasionally been showing muieblackcat brute force attempts in the logs. Does anyone know if I need to do anything about this to keep my website safe?

**Zethariel** · 03-12-2012, 08:03 AM

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

Read the comments, people seem to report it being marginally harmfull

**lassie** · 03-12-2012, 11:22 AM

Thanks a lot Zethariel. The article helped me to see that my website has not been exploited by muieblackcat - yippee

Each time the attack happens it seems to be from a different IP address and from a different country so it would be hard to block. I will try keeping a record to see if there is a pattern or if it is coming from a larger botnet.

It seems to be scanning for php or sql related folders or files. Do you know how it exploits a setup.php file?

**Zenettii** · 04-18-2012, 01:28 PM

When I hosted my blog on it's own server I quickly noticed many "random" attempts of all sorts of attacks. Unsurprisingly lots of them were originating from TOR. (try here for some blacklists of TOR ip's dan.me.uk/dnsbl)
There are plenty of scripted processes that just hunt across web address or IP ranges to test randomly against exploits like the latest 0-day hoping to get a valid target.

03-11-2012, 01:15 PM	#1
lassie Member [02%] MBTI: INTJ Join Date: Mar 2012 Posts: 105	I have a website that has occasionally been showing muieblackcat brute force attempts in the logs. Does anyone know if I need to do anything about this to keep my website safe?
lassie is offline post a comment

03-12-2012, 08:03 AM	#2
Zethariel Member [21%] MBTI: INTP Join Date: Aug 2011 Posts: 865	To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts. Read the comments, people seem to report it being marginally harmfull
Zethariel is offline post a comment

03-12-2012, 11:22 AM	#3
lassie Member [02%] MBTI: INTJ Join Date: Mar 2012 Posts: 105	Thanks a lot Zethariel. The article helped me to see that my website has not been exploited by muieblackcat - yippee Each time the attack happens it seems to be from a different IP address and from a different country so it would be hard to block. I will try keeping a record to see if there is a pattern or if it is coming from a larger botnet. It seems to be scanning for php or sql related folders or files. Do you know how it exploits a setup.php file?
lassie is offline post a comment

04-18-2012, 01:28 PM	#4
Zenettii New Member [01%] MBTI: INTJ Join Date: Apr 2012 Posts: 42	When I hosted my blog on it's own server I quickly noticed many "random" attempts of all sorts of attacks. Unsurprisingly lots of them were originating from TOR. (try here for some blacklists of TOR ip's dan.me.uk/dnsbl) There are plenty of scripted processes that just hunt across web address or IP ranges to test randomly against exploits like the latest 0-day hoping to get a valid target.
Zenettii is offline post a comment