Tag Archives: Joomla

Outdated Joomla websites with JCE used to attack Beneficial Data Processing Corp and Regions Financial Corporation

Seeing requests to //tmp/wegh.php in Apache logs is probably not a good sign. Few days ago I wrote about how important paranoid firewall-output filtering is on a shared hosting server, today I’ll take a closer look on the next Joomla hack found active today. This time the “hacker” tried to attack the IP addresses 161.113.4.6 Read the full article…

Seeing strange UDP connections to 216.82.176.7?

Today the CSF firewall on one of our servers controlled by DirectAdmin started showing blocked outgoing UDP connections to 216.82.176.7 on ports 25, 80 and 443. kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=X.X.X.X \ DST=216.82.176.7 LEN=1421 TOS=0x00 PREC=0x00 TTL=64 ID=12594 \ DF PROTO=UDP SPT=39792 DPT=80 LEN=1401 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=X.X.X.X \ DST=216.82.176.7 Read the full article…