Posts Tagged ‘wp secuirty’

Worldwide Brute-Force Attack on WordPress Sites

Published by Baden Maxwell on April 21st, 2013 - in Wordpress Security

 
On April 11th, there was a worldwide, highly distributed WordPress attack, leaving scores of WordPress powered websites vulnerable and under threat from a massive brute-force botnet.
Wordpress Logoin Crosshairs  image
 
Thousands of sites using the WordPress system have been targeted in an extremely well-organized attempt to obtain admin entry by using brute-force methods (continual multiple login and password cracking attempts).

 
The sites that are the easiest targets and most at risk – and the ones that are consistently being compromised – are sites using the default username “admin”, sites that DO NOT have even basic security measures in place, and any sites that are unmaintained or running out-of-date extensions and plugins. The lack of basic security precautions, and inconsistent or nonexistent maintenance and updating is a major concern, and any business using the WordPress application needs to seriously evaluate its website security practices if they aren’t implementing effective measures.

 
Analysts are also warning that this may only be the beginning, as announcements from the group claiming responsibility for these botnet attacks, warn that they are continuing to evolve and broaden the botnet’s targeting focus.

 
Major tech and online security companies fear that the attackers are at this moment, working on building an even bigger botnet, one that is far more powerful than anything ever seen before.

 
To date, it has been reported that over 90,000 compromised IP addresses are being used to launch these attacks, with thousands upon thousands of passwords being used by these IP’s to hack into their targets.

 
For now, the botnet is limited to only using home PCs to spread its infection. However, reports from major hosting companies have confirmed that the attackers are targeting WordPress installations on nearly every web-host in existence, and are now attempting to use the powerful hosting servers to launch a much stronger botnet. Matthew Prince, CEO of CloudFlare, wrote;

 
“These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”

 
Prince referenced the “itsoknoproblembro”, or “Brobot”, botnet that started launching DDoS (distributed-denial-of-service) attacks in Sep 2012 against many major US Banks, including Bank of America, U.S. Bank, Wells Fargo and more.

 
HostGator has confirmed that they are a major target, with over 90,000 IP addresses targeting their WordPress machines, with many other major global hosting companies experiencing similar targeted attacks as well. Read Hostgators’ Sean Valants blog post about this brute-force flood.

 
As expected, the global hosting industry is working with their clients to launch counter-strike and anti-strike measures to combat this threat. But until the true extent of this threat is known, many WordPress users will find themselves extremely vulnerable in the interim.

 
So, what can you as a WordPress user do to ensure your safety and security?

 
As we said earlier, it seems the botnet is targeting sites using the “admin” username – for now! So the absolute bare minimum you need to do IMMEDIATELY, is change your password if you’re using that username. Even if your username isn’t “admin”, it’s still highly recommended that you change your password as well.

 
We recommend using a password that contains AT LEAST, 8 characters, with a broad mixture of letters (upper & lower case), numbers and special characters (#@&*^). Your aim is to make your password extremely difficult to crack using known dictionary words or letter/number combinations.

 
Once you have established a high-level secure password, it’s essential that you change your login username ASAP. For an in-depth tutorial on how to perform this task properly, CLICK HERE. If you have a webmaster that performs all your backend admin tasks, you’ll need to contact them ASAP to get this done immediately.

 
You should also consider installing a login attempt limiter plugin on your site. We use Limit Login Attempts on all of our sites and give it high recommendations.

 
As another security precaution, we also recommend you follow Hostgators procedure for WordPress Login protection measures (you don’t need to be a Hostgator customer, as long as you have cPanel access on your hosting account you’ll be able to follow the steps). CLICK HERE to follow their step-by-step procedure.

 
For more information on the vulnerabilities of WordPress-powered websites, check out our informative article HERE.

 
You can also get in touch with us and we’ll be more than happy to help you secure your site, or guide you in the right direction to get your online presence protected. VIEW OUR WP SECURITY SERVICE.

 
We hope that your website and online presence is secure, and that if it isn’t, you’re not affected by this henious botnet attack. If you do plan on using WordPress again in the future, ALWAYS remember to change your username from the default “admin”, and choose a password that is extremely difficult to crack.

 
All the best

Baden

 
Related News
 
New DDoS Attacks Hit Game Sites

DDoS Attacks on Major US Banks Resurface

DDoS Attacks Against US Banks Peaked at 60Gbps

Lessons Learned from the US Financial Sector DDoS Attacks
 

Share
© iWEB Marketing NZ
All Rights Reserved 2013.