On August 10, 2016, a brute force attack targeted the Joomla administrator portal
(192.168.250.70). The attacker initiated reconnaissance activity from IP 23.22.63.114
before launching 411 login attempts against the admin account. A successful authentication
was later identified from IP 40.80.148.42 using HTTP status 303 redirect. The attacker
gained administrative access and defaced the website with the message 'YOUR SITE HAS
BEEN DEFACED'. The attack was detected through HTTP log analysis in Splunk.
