Part of what I do

Started by Susan, August 27, 2015, 02:15:35 AM


Susan

Part of what the site pays me to do is to handle the security for the site. I was just watching the logs and saw this come through in real time.

66.226.4.53 - [27/Aug/2015:02:04:57 -0500] "GET /wp-login.php HTTP/1.1" 301 243 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:04:58 -0500] "GET /wp-login.php HTTP/1.1" 200 5065 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:01 -0500] "GET /wp-config.php.save HTTP/1.1" 301 249 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:01 -0500] "GET /wp-config.php.save HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:03 -0500] "GET /wp-config._ HTTP/1.1" 301 242 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:04 -0500] "GET /wp-config._ HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:05 -0500] "GET /config.txt HTTP/1.1" 301 241 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:05 -0500] "GET /config.txt HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:06 -0500] "GET /wp-config HTTP/1.1" 301 240 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:07 -0500] "GET /wp-config HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:07 -0500] "GET /wp-config.backup HTTP/1.1" 301 247 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:08 -0500] "GET /wp-config.backup HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:09 -0500] "GET /wp-config.bkp HTTP/1.1" 301 244 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:09 -0500] "GET /wp-config.bkp HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:10 -0500] "GET /wp-config.old HTTP/1.1" 301 244 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:10 -0500] "GET /wp-config.old HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:11 -0500] "GET /wp-config.OLD HTTP/1.1" 301 244 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:11 -0500] "GET /wp-config.OLD HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:12 -0500] "GET /wp-config.php_ HTTP/1.1" 301 245 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:13 -0500] "GET /wp-config.php_ HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:13 -0500] "GET /wp-config.php.2 HTTP/1.1" 301 246 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:14 -0500] "GET /wp-config.php.2 HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:15 -0500] "GET /wp-config.php.antigo HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:15 -0500] "GET /wp-config.php.antigo HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:16 -0500] "GET /wp-config.php_backup HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:16 -0500] "GET /wp-config.php_backup HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:17 -0500] "GET /wp-config.php.backup HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:17 -0500] "GET /wp-config.php.backup HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:18 -0500] "GET /wp-config.php_bkp HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:19 -0500] "GET /wp-config.php_bkp HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:19 -0500] "GET /wp-config.php.bkp HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:20 -0500] "GET /wp-config.php.bkp HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:21 -0500] "GET /wp-config.php.BKP HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:21 -0500] "GET /wp-config.php.BKP HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:22 -0500] "GET /wp-config.php_BKP HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:22 -0500] "GET /wp-config.php_BKP HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:23 -0500] "GET /wp-config.php_old HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:24 -0500] "GET /wp-config.php_old HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:24 -0500] "GET /wp-config.php.old HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:25 -0500] "GET /wp-config.php.old HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:26 -0500] "GET /wp-config.php_OLD HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:26 -0500] "GET /wp-config.php_OLD HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:27 -0500] "GET /wp-config.php.OLD HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:27 -0500] "GET /wp-config.php.OLD HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:28 -0500] "GET /wp-config.php.save HTTP/1.1" 301 249 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:28 -0500] "GET /wp-config.php.save HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:29 -0500] "GET /wp-config.php_txt HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:30 -0500] "GET /wp-config.php_txt HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:30 -0500] "GET /wp-config.php.txt HTTP/1.1" 301 248 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:31 -0500] "GET /wp-config.php.txt HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:32 -0500] "GET /wp-config.php.velho HTTP/1.1" 301 250 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:32 -0500] "GET /wp-config.php.velho HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:33 -0500] "GET /wp-config.php.antigo HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:34 -0500] "GET /wp-config.php.antigo HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:35 -0500] "GET /wp-config.txt HTTP/1.1" 301 244 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
66.226.4.53 - [27/Aug/2015:02:05:35 -0500] "GET /wp-config.txt HTTP/1.1" 200 106476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"

They attempted to access the wp-config and a variety of backup formats. If they had been able to successfully access the file, they would have the login credentials for the database server, potentially gaining access to the databases for the site. Since I monitor the logs, I detected this as it was under way and blocked them from further accessing the server.

In our situation access to the database server is limited to the localhost only. So they would have still been unable to gain access to any information.

I see and block scans and probes like these on a regular basis. One of my jobs is to make this site as secure and as hard to penetrate as possible, protecting you and your information from exposure like what is happening with Ashley Madison users right now.

Since 1996 I can count successful penetrations on one hand, and not one of those successfully accessed any user information.
Susan Larson
Founder
Susan's Place Transgender Resources

Help support this website and our community by Donating or Subscribing!
  •  
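The check described in the post above can be automated. The following is an added example, not the site's own tooling: it flags a client that requests many wp-config backup-style names within a short window and lists any 200 response whose size differs from the most common one, so that path can be checked by hand. The thresholds, function names and sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Log layout as shown in the post: ip - [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) - \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')
# wp-config with an optional backup/editor suffix, or config.txt (names seen in the post).
PROBE = re.compile(r'^/(wp-config(\.php)?([._].*)?|config\.txt)$', re.I)

def parse(line):
    """Return (ip, time, path, status, size) or None for lines that do not match."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, path, status, size = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status), int(size)

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Report clients that request >= min_paths distinct config names inside one window."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if PROBE.match(rec[2]):
            hits[rec[0]].append(rec[1:])
    reports = {}
    for ip, recs in hits.items():
        best = max(len({p for t, p, _, _ in recs if t0 <= t <= t0 + window})
                   for t0, *_ in recs)
        if best < min_paths:
            continue
        # Assumption: the same 200 size for many different paths suggests a catch-all
        # page; a 200 with a different size is listed so a person can check that path.
        ok = [(p, size) for _, p, status, size in recs if status == 200]
        common = Counter(size for _, size in ok).most_common(1)
        common = common[0][0] if common else None
        reports[ip] = {"distinct_paths": best, "common_200_size": common,
                       "review": sorted({p for p, size in ok if size != common})}
    return reports

def _mk(ip, sec, path, status, size):  # builds one constructed sample line
    return (f'{ip} - [27/Aug/2015:02:05:{sec:02d} -0500] '
            f'"GET {path} HTTP/1.1" {status} {size} "-" "-"')

# Constructed sample (documentation-range IPs), not the site's real traffic.
SAMPLE = [_mk("203.0.113.7", i, p, 200, 106476) for i, p in enumerate(
    ["/wp-config.php.save", "/wp-config._", "/config.txt",
     "/wp-config.bkp", "/wp-config.php_old"])]
SAMPLE += [_mk("203.0.113.7", 9, "/wp-config.php.txt", 200, 3120),
           _mk("198.51.100.4", 3, "/wp-login.php", 200, 5065),
           _mk("198.51.100.4", 4, "/wp-config.php", 200, 0)]

if __name__ == "__main__":
    for ip, report in find_scanners(SAMPLE).items():
        print(ip, report)
```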

stephaniec

  •  

Marcia

Thanks Susan. Most people don't give you enough credit for what you do. Since you do what you do so well we don't notice what you do.
-Mark & Marcia
  •  

Dena

Got a little curious (spelled nosy) and wanted to learn a little about our "friend". Based in Los Angeles and should be pretty easy to track down.
Using a static IP address for hacking and living as many years in LA as I did, Alchemy Communications is a pretty small internet provider as most people get their internet from the telephone company. They seem to be limited to businesses that require higher bandwidth. In any case, these guys may not know they are providing service to a hacker http://www.alchemy.net
IP:   66.226.4.53
Decimal:   1122108469
Hostname:   mail.idamber.com
ASN:   7296
ISP:   Alchemy Communications
Organization:   Alchemy Communications
Services:   Likely mail server
Type:   Corporate
Assignment:   Static IP
Rebirth Date 1982 - PMs are welcome - Use dena@susans.org or Discord if you're unable to PM - Skype is available - My Transition
If you are helped by this site, consider leaving a tip in the jar at the bottom of the page or become a subscriber
  •  

Ms Grace

Thanks Susan... another reason why people should be donating to help you help the site.
Grace
----------------------------------------------
Transition 1.0 (Julie): HRT 1989-91
Self-denial: 1991-2013
Transition 2.0 (Grace): HRT June 24 2013
Full-time: March 24, 2014 :D
  •  

Mariah

Thank You Susan. As Grace stated a huge reason why donations are so important.
Mariah
If you have any questions, please feel free to ask me.
mariahsusans.orgstaff@yahoo.com
I am also spouse of a transgender person.
Retired News Administrator
Retired (S) Global Moderator
  •  

Susan

Ya I looked it up, 80% odds it's a compromised server being used to scan for potential victims.
  •  

newlady

I've just read this post and it's scary that there are people that would want to ruin what we have here. We struggle with a lot of things in the big bad world when we are transitioning, and to have a place like this to be ourselves safely is priceless.
Thank you Susan for keeping this site safe.

Bernadette.
  •  

LizK

Transition Begun 25 September 2015
HRT since 17 May 2016,
Fulltime from 8 March 2017,
GCS 4 December 2018
Voice Surgery 01 February 2019
  •  

Susan

On the downtime today....

Quote from: Cindy on November 07, 2015, 02:07:13 AM
As you would have noticed the site has been down. I got a phone call from Susan this morning my time. The hard drives had failed.

We have bought new ones. Susan has been working non-stop and has another 12 hours or so of work to get the site up.

Our servers are now over 3 years old. I know, I bought them.

They need replacing, how about some help please?

We were $350 down last month, that is the money Susan needs to keep working on the site. She works non-stop on this site to provide a service to YOU.

Did you miss the site while we were down? Is this site worth a few dollars to you?

If it is, please donate or subscribe.

If you are broke we understand. Susan, I and the generosity of a few others will keep the place going, but if you can spare a few dollars a month for what we do - please donate.

If you are capable of funding at a large level, please contact Susan or me - you can remain anonymous if you wish.

Please help if you can.

Cindy
  •  

Lyndsey

Hi all

I have been out of work for a year and a half now and as soon as I get back on my feet I can promise you a big donation as this site is a blessing to all of us that use it and an information highway. Also there are so many people that have already been through the hard times that help guide us through some crazy situations. I love being here and love to help anyone that I can. It is nice to see a place where we help each other and not bash or degrade anyone as that is something that I hate. Everyone is entitled to their opinion but there is a way to be nice about it and not in the public forum.

Hugs
Lyndsey
Lyndsey Marie Burke - Started my journey February 2011. Full time on May 5th 2014. HRT June 6th 2014. Name change and on all records and court documents June 20th 2014. SCS October 20th 2015 with Doctor Marci Bowers in Burlingame, California. I'm a very Happy woman and finally living what I should have been living my whole life. Expect the unexpected. I feel Blessed. Love, Live, Be Happy. Be safe.
  •  

Susan

Thank you for your kind words :)
  •  

stephaniec

I'm sorry I'm not able to contribute because I'm on welfare, but if I could I would, the site is well worth it.
  •  

Faith Rena

And Susan, thank you so much for everything you're doing! You couldn't imagine how much hope and help you bring to people.
  •  

Faith Rena

Sorry.. Still learning how to use this. My first reply said I completely agree with Lyndsey, and I will donate some day, when and if I can. But, however, I will try my best.
  •  

Lyndsey

Quote from: Susan on December 30, 2015, 02:26:32 PM
Thank you for your kind words :)

Hi Susan

You are very welcome and appreciate all you do for us here. :angel: I know it must be so time consuming and a very difficult task as all the new threats out there on the internet. I love being here and will always try to be positive. :angel: :angel:

Hugs
Lyndsey
  •