Crawford Sausage Company <m...@brandylion.com> wrote:
> It says to check my logs and I did. They're trying to post
> to a Wordpress xmlrpc.php script. Over the years I have had
> so many problems with this the simplest solution was to put
> an exit statement at the beginning so it returns 200 and
> a few bytes and that's all. They're pounding my
> site but it's not even making a blip right now.

If the email was legit, which it doesn't look like to me, I doubt if it
has anything to do with the xmlrpc.php file.

Generally it's some kind of denial-of-service attack, usually from 1000s of
compromised Windows machines that have some kind of trojan which can get
instructions from a central mothership of sorts.

Either via ping or just making a connection to the server on port 80. Dozens
per second, no big deal; tens of thousands, different story.

The thing is, usually those types of attacks aren't for ransom. They usually
are reserved for a "teach you a lesson" kind of thing. The Sony PlayStation
stuff, the MPAA website, the FBI.

The main problem, or concern, to them is they pretty much played all their
cards on the first hand dealt. They have to launch the crippling blow on the
first shot because it'll get weaker with later attacks. They can't really
sustain the attack over long periods of time.

Generally the ransom demands are with networks that got taken over, where
all the data is encrypted and they pay or never see their data again.

> Prevent it all with just 5 BTC @ <some random ascii string>

That's the other thing, 5 BTC is over $3200 and not likely to be paid by
anyone. Usually the ask is "only" half or 3/4 of a BTC, $300-$500, which
some will pay just for the insurance. Sort of the way store owners paid the
mafia for protection.

Sounds like some script kiddies playing around.

The other thing with BTC is although it's anonymous, it's trivial to follow
where it's being transferred to and from. They have these things called block
explorers where that address they gave you to send the BTC to can be viewed
to see what is in it now. Even if someone deposits some BTC into it, if the
coins are xfered out to other wallet addresses, you can see where those went
as well.

Not that it'll lead to concrete proof of who did it, but it can be traced around
and monitored.

-bruce
b...@ripco.com