Hackers first try to access the users database at /wp-json/wp/v2/users/. If successful, you next see repeated attempts to log on to the site, reflected in hits on /wp-login.php and /xmlrpc.php. This is what a WordPress brute force attack looks like: As you can see, these hits come from all over the world:
These PowerShell scripts list the remote IPs connecting on port 443, while filtering out local IPs and devices on ATT (107.77).
Cellular providers use specific IP ranges that can be filtered.
The Cisco AnyConnect Client does not allow you to save a password on the client. This code, when saved as a .vbs file, will let you get around this. Be warned that the client's password is saved in clear text in the file. I hide the file in Drivers and create a shortcut to it with the…
If you are seeing the following error on messages in the Symantec Messaging Gateway queue, the messages are being interrupted during transmission: 450 4.4.1 [internal] Connection Timed Out. This leads to the sender receiving a delayed delivery notice. This is caused by something in the message being rejected by the Cisco router during inspection of the traffic. To…
If the Cisco VPN launches but no window appears, delete this file: C:\Program Files (x86)\Cisco Systems\VPN Client\vpnclient.ini
You can connect a Windows home edition PC to a domain as follows: Change the PC's workgroup to the domain name (pre-Windows 2000), then change the local username and password to exactly match a domain account. The PC should now have full access to Outlook, network shares and printers without entering credentials.
This post details the features of each product we deploy: https://support.symantec.com/en_US/article.INFO3162.html
There has been a rise in the number of instances of email addresses being spoofed. A new technique of masking the sender address by adding a “direct reply to” address has increased the likelihood that a user will be fooled. The real sender address can only be detected when the user hits reply, at which point the new…
Reverse DNS, or rDNS, is one of the older methods used to verify an email was sent from the domain. It is a record created by the ISP and not the DNS records associated with the domain. It should be set up anytime an ISP is added or changed. Each ISP has its own way of setting these up…