
Inzinc Web Design Service and Joomla!™ Development

Posting the latest relevant news related to your Joomla!® installation. Also reviewing and discussing components and extensions that will make your life easier.

Securing Yourself Against ZmEu or w00tw00t Scanner Bots


ZmEu has been on the move since 2009, when it was created in Romania, and was no doubt sold on the dark web only to be repurposed for many malicious ends. One use we are starting to see is the setup for a massive DDoS attack, or even several. The takedown of Dyn computing seems to be only the beginning.

A vulnerability scanner does what the name says: it is a probing bot looking for holes in your security so that criminals in many countries, including Russia, China et al., can put phishing software on your site. So if you own a website, especially a WordPress or other PHP-based site, protect your sites and stay up to date on the latest security news.

attacker was looking for a loophole in that system. That attack was being performed from China.

https://linux.m2osw.com, 2014

What is the ZmEu Exploit Vulnerability Scanner (Software org. Romania circa 2009)

It is malicious software that scans your web server for vulnerabilities (Wiki), run by someone who wants to use your website to steal Apple IDs and credit card info. In the latest event involving the so-called "ZmEu" hack team, they attempted to install a phishing site resembling Apple's website in our home directory. People are then redirected to this site on your server in order to be scammed.

Example folder name: /home/public_html/ssl.Apple-ID-recheckbill-idwmid46589.sslservices/

So if you are a website owner, pay attention to your security and run through our checklist to help secure your site.

Linux M has an extensive comment section with tips and advice: https://linux.m2osw.com/zmeu-attack

Server security checklist

  • Back up your site at least monthly
  • Check your folder permissions

files should be: 644
folders should be: 755
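
The permission check from the checklist above can be scripted. This is an added example, not part of the original post; the function name `audit_webroot`, the output labels and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the checklist above
# (files 644, folders 755). Function and label names are illustrative.

# audit_webroot DIR
#   Prints one line per deviation and returns 1 if any were found, 0 if the
#   tree is clean, 2 if DIR is not a directory.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # World-writable entries first: any account or compromised script on
        # the host can drop or modify content there (-perm -0002 = o+w set).
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # "-perm 644" with no prefix is an exact match, so stricter modes
        # (e.g. 600) are listed too and can be accepted after review.
        find "$root" -type f ! -perm 644 ! -perm -0002 -print |
            sed 's/^/FILE-NOT-644 /'
        find "$root" -type d ! -perm 755 ! -perm -0002 -print |
            sed 's/^/DIR-NOT-755 /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not from the original page) so the script runs
# without touching a real site.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/images" "$d/cache"
    : > "$d/index.php"; : > "$d/upload.php"
    chmod 755 "$d" "$d/images"; chmod 777 "$d/cache"
    chmod 644 "$d/index.php"; chmod 755 "$d/upload.php"
    audit_webroot "$d" || echo "review the entries listed above"
    rm -rf "$d"
}

# With an argument, audit that directory; with none, run the demo.
if [ "$#" -gt 0 ]; then audit_webroot "$1"; else demo; fi
```

Run it with the site's document root as the only argument; a new directory that nobody on the team created, such as the phishing folder named earlier, still has to be spotted by comparing against a known-good backup.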

More sites of interest:

Basic forensics on ZmEu software: https://ensourced.wordpress.com/2011/02/25/zmeu-attacks-some-basic-forensic/

Known hacking IPs used to exploit servers (get a firewall and block these):

Find the IP blocker in your cPanel and block the below IPs


Recommended security software for WordPress & Joomla

Aesecure is by far one of the most advanced protections for your hosting account, with WordPress or Joomla support. Before using this software, please back up. Even though we have done 100s of installations, we have encountered some issues in only a couple. Visit Aesecure here

Centora security comes with a free firewall and is excellent security software with FREE and Paid versions. Visit Centora security

Stop and block brute force attacks. For Joomla only, visit website.

Eyesite checks your files on the server and detects if any have been changed. Visit website

Very robust security suite for Wordfence. One of the best FREE (&Paid) software for WordPress. Visit site here
