Warning: Constant ABSPATH already defined in /home/public/wp-config.php on line 27
Again With The Attacks — Why Now?
On-line Opinion Magazine…OK, it's a blog
Random header image... Refresh for more!

Again With The Attacks

by Bryan

This time they are attacking my log-in system looking to take over my resources, so my host has disabled the log-in file. To get on I have to change file permissions, sign on, and then revert to locking the file.

They are wasting my resources, wasting ‘Net resources, annoying a lot of people, and providing no benefit to anyone, not even themselves. [No different than what NSA et al. are doing, really.]

They are running a script trying to determine user name and password, which will take a very long time on my site and get them noticed, as happened.

I will probably switch back to Spamshield, assuming they have fixed their earlier problem with three updates since I encountered it a week ago, as they also block log-in bots.

This is the price you pay for using a popular CMS program – lots of people trying to break it.

12 comments

1 Bryan 2 { 09.07.14 at 1:39 pm }

I’m creating a second commenting account to use when I can’t use my admin account.

2 Kryten42 { 09.07.14 at 3:44 pm }

Yes. I’ve been discovering that, and my site isn’t even general knowledge yet! Still, one advantage to having my own VPS (or cloud server) is that I control everything. 🙂

Good luck m8. 🙂

Oh! Speaking the lengths hackers will go… I found this last week and meant to post it! Talk about eye opening! 😐

Bogus cellphone towers found in the US

The resources required are mind boggling!

3 Kryten42 { 09.07.14 at 4:00 pm }

And these also:

Major cyber attacks hit 5 US banks including JPMorgan

Pentagon confirms that missile defenses are vulnerable to cyber attack

ICREACH program, NSA Search Engine for communications analysis


ICREACH is the name of a Google-like search engine designed by the National Security Agency (NSA) that provides metadata related to individuals living in US to more than two dozen US government agencies.

The Intercept has revealed the existence of ICREACH, a platform used to share data on more than 850 billion communications records detailing e-mails, phone calls, instant messages, and phone geolocation. The revelation is based on classified documents, dated 2006 and 2007 and disclosed by whistleblower Edward Snowden, which describe ICREACH as a “federated query” engine that would search “across all data sets for information relating to a target identifier.”
The knowledge of a so huge amount of metadata shared through ICREACH program allows agencies to track people in real life and online, map out their networks of associates and predict future actions.

The FBI and the Drug Enforcement Administration are referred as the “key participants” in the ICREACH program, but the documents confirm that the platform has been accessible to more than 1,000 analysts at 23 US Government agencies involved in Intelligence activities.

According to The Intercept the large-scale of ICREACH represents a serious threat to citizens’ privacy, it seems that also individuals not accused of illegal activities were monitored by the system.

“Legal experts told The Intercept they were shocked to learn about the scale of the ICREACH system and are concerned that law enforcement authorities might use it for domestic investigations that are not related to terrorism.” reports The Intercept.

“To me, this is extremely troublesome,” “The myth that metadata is just a bunch of numbers and is not as revealing as actual communications content was exploded long ago—this is a trove of incredibly sensitive information.” said Elizabeth Goitein, co-director of the Liberty and National Security Program at the New York University School of Law’s Brennan Center for Justice.

4 Bryan { 09.07.14 at 5:38 pm }

If those are military cell towers, standards have certainly fallen, because in my day we would have used something like a power pole with a transformer on it, but the ‘transformer’ wasn’t connected to anything. The last thing our antennae looked like was antennae. It could be some outrageously expensive boondoggle sold by a contractor to block cell signals during a bomb threat on the base – to prevent remote detonation by a cell phone trigger.

OTOH, it could be Verizon getting ready to attack its competitors by taking down the cell service to non-Verizon phones. I don’t trust any of them any more. The telcoms are as bad as the new diseased NSA when it comes to hacking and cracking.

5 Kryten42 { 09.07.14 at 5:46 pm }

Funny you mention Verizon. 🙂 I had a similar thought! Corp. Espionage, taken to new levels! Wouldn’t surprise me either. But this part was very curious:

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas.”

Some of the bogus cellphone towers were discovered in proximity of U.S. military bases and this circumstance alarm intelligence and security experts that has no idea of who has installed and currently maintain a so expensive and complex apparatus.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”

It is troubling on several levels! HTF could anyone erect a massive cell tower next to a military base, and nobody know anything about it??! Seriously?

6 Badtux { 09.07.14 at 6:49 pm }

Bryan, nobody has actually spotted the physical cell towers. What was spotted was their signal emissions hijacking your connection and kicking you down out of encrypted 3G into unencrypted GSM.

They’re near military bases so it doesn’t surprise me at all. If sh*t goes down on a military base, the military needs to shut down cell phone communications immediately to hinder communications between attackers, and the easiest way is for them to control the tower that provides cell service to the military base to begin with. Since they don’t have to comply with all the various FCC rules (something we have found out to our annoyance here on the West Coast when they continue blatting out noise on the ham radio 70cm band despite no reason to do so given that they have plenty of bandwidth on other bands), they don’t have to limit power — they can give enough power to insure that no “civilian” cell towers can serve the military base.

7 Bryan { 09.07.14 at 9:24 pm }

The way they contract out all of the jobs in intel, no one will ever convince me that the people with the contracts don’t have a second ‘business’ on the side utilizing the power the government gives them.

Steve Bates brought those towers up earlier, Badtux, and I explained that the military doesn’t allow cell tower construction on base, so there a lot of towers just off base to provide coverage. Whatever they are using is located on base and probably does not look like a cell tower for security reasons. The other problem is that it is totally legal and always has been for the military to monitor on-base communications for security purposes. That may be what is being detected, because radio signals don’t obey property lines.

8 Kryten42 { 09.08.14 at 6:13 am }

That makes sense Bryan. 🙂 I know we do that here. You do NOT want to use a cell phone/tablet etc for anything remotely sensitive within 5 KM of Victoria Barracks for eg! DSD has some very sophisticated snoopers and a ton of supercomputers under that place (And in Canberra, and a couple other Aus bases). The hilariously ironic thing for me is that the Politicians seriously do not know what a stupid idea it was to move DSD to Canberra (and why it was in Vic in the first place), and within a stones throw of Parliament! LOL I am pretty sure I know where all those Gov “leaks” are coming from! 😉 😀

Just goes to prove… Politicians are stupid. Have no clue about anything. And as well as being the enemy of the public, are their own worst enemies also! 😀

9 Steve Bates { 09.08.14 at 8:46 am }

David Harley at welivesecurity.com:

There have been many comments to this story from people who are assuming that these ‘towers’ are physical installations. There’s no reason to assume this is the case: it’s far likelier that they are mobile installations of the kind used not only by law enforcement and government agencies, but also by scammers and other criminals.

Sounds possible to me, but what do I know…

10 Bryan { 09.08.14 at 11:18 am }

Kryten, the people who lived next to Eglin AFB discovered that the decision by the companies that make garage door openers to build their systems around an ‘unused’ military frequency was a bad idea. A few years ago there was an exercise on Eglin and garage doors started opening and closing at random intervals all day long.

Steve, that was really my point at your place – if the military is doing it, it won’t look like a cell tower. With all of the stuff that is tested on my local base, I guarantee that they have the ability to block and otherwise interfere with all radio traffic that enters the base. You waive your Fourth Amendment rights if you enter a military installation, and there are signs telling you that at every entry point. This isn’t new, it has always been that way.

What is new is the fact that a lot of things that only used to happen on or around military bases is now happening everywhere, and that isn’t Constitutional or legal. It needs to stop and the people who approve it need to go.

11 Kryten42 { 09.09.14 at 11:00 am }

Well, I guess we’ll have to wait to find out for sure. Assuming we ever do! 😉

Looks like someone is willing to put money where mouth is regarding all the WP security problems recently. 🙂 I personally think this is a good idea worth trying.

ManageWP’s Vladimir Prelovac has proposed a crowd-sourced white hat security effort to clean up WordPress. After the Slider Revolution security scare, Prelovac says “The perception of WordPress being insecure is the greatest threat to the WordPress project today” and the solution is a white hat security program, stricter code reviews, and investment in the education of WordPress developers. To get the ball rolling, he’s committed $10,000 for an education fund.

An Open Letter to the WordPress Community: Let’s Solve Security Once and For All

Yeah… Well, I dunno about solving it “once and for all”! LOL But if they make it better than it is, that will be a start! 😀

Still, read the above to see an endemic problem to security issues! Ie. “Keep your mouth shut!” That does *NOT* help!

As Vladimir says:


The major problem is the current mindset and approach to security in the global WordPress community. After the Slider Revolution incident, its developers released a statement that among other things said:

The problem was fixed 29 updates back in 4.2 in February. We were told not to make the exploit public by several security companies so that the instructions of how to hack the slider will not appear on the web.

“We were told to keep our mouths shut” makes me scream. It also seems to be on the border of being legally pursuable. And cases like this – a major one almost each month – have really hit a point of no return, at least for me.

12 Bryan { 09.09.14 at 5:03 pm }

I have been attacked twice in a month and it was my host, not WordPress, that notified me. WordPress issued an upgrade, but they didn’t issue a warning about the existence of a problem. Having already started the Beta release process for version 4, people needed to be told why it was necessary to update to 3.92 ASAP, but all WordPress did was send out a release notice.

Get a grip. You don’t have to explain how to do something when you want to warn people about a problem. Tell them about the effects because that is what is important to everyone. Only a minority of users would even understand what was being discussed if you waste time covering the cause. The cause is a bunch of jerks – every time that covers the cause. Tell people there is a problem and what they can do to protect themselves.