Yesterday morning a client who has a site on a virtual server emailed to say:
Hi Oban –
I just had a business colleague say that he went to my site, got a malware warning, and his entire hard drive was wiped out instantly.
37.9.61.64 - - [13/May/2012:02:31:52 -0600] "POST /wp-login.php HTTP/1.1" 302 - "http://www.customersite.com/wp-login.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)"
37.9.61.64 - - [13/May/2012:02:31:53 -0600] "GET /wp-admin/ HTTP/1.1" 200 58813 "http://www.customersite.com/wp-login.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)"
37.9.61.64 - - [13/May/2012:02:31:55 -0600] "GET /wp-admin/theme-install.php?tab=upload HTTP/1.1" 200 23486 "http://www.customersite.com/wp-login.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)"
37.9.61.64 - - [13/May/2012:02:31:56 -0600] "POST /wp-admin/update.php?action=upload-theme HTTP/1.1" 200 21931 "http://www.customersite.com/wp-admin/theme-install.php?tab=upload" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)"
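
The request sequence visible in the log lines above (a POST to /wp-login.php answered with 302, then a POST to update.php?action=upload-theme from the same address four seconds later) can be searched for across an access log. The following is an added example, not part of the original post; it assumes Apache combined log format, treats a 302 reply to the login POST as a successful WordPress login, and uses a 30-second window and constructed sample lines.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not taken from the page.
SAMPLE = [
    '198.51.100.7 - - [13/May/2012:02:31:52 -0600] "POST /wp-login.php HTTP/1.1" 302 - "-" "UA"',
    '198.51.100.7 - - [13/May/2012:02:31:56 -0600] "POST /wp-admin/update.php?action=upload-theme HTTP/1.1" 200 21931 "-" "UA"',
    '203.0.113.9 - - [13/May/2012:09:00:00 -0600] "POST /wp-login.php HTTP/1.1" 302 - "-" "UA"',
    '203.0.113.9 - - [13/May/2012:09:20:00 -0600] "POST /wp-admin/update.php?action=upload-theme HTTP/1.1" 200 300 "-" "UA"',
    '192.0.2.4 - - [13/May/2012:10:00:00 -0600] "POST /wp-login.php HTTP/1.1" 200 2000 "-" "UA"',
]

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def find_fast_theme_uploads(lines, window=timedelta(seconds=30)):
    """Return (ip, login_time, upload_time) for every theme-upload POST that
    follows a 302-answered wp-login.php POST from the same IP within `window`."""
    last_login = {}  # ip -> time of most recent redirected login POST
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "POST":
            continue
        ip, ts, _, path, status = rec
        if path.startswith("/wp-login.php") and status == 302:
            last_login[ip] = ts
        elif path.startswith("/wp-admin/update.php") and "action=upload-theme" in path:
            login = last_login.get(ip)
            if login is not None and timedelta(0) <= ts - login <= window:
                hits.append((ip, login, ts))
    return hits

if __name__ == "__main__":
    for ip, login, upload in find_fast_theme_uploads(SAMPLE):
        print(ip, login.isoformat(), upload.isoformat())
```

A hit is a lead for review, not proof of compromise: an administrator who logs in and uploads a theme straight away produces the same pattern.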