djbaxter

Administrator
Administrator
Moderator
Joined
Jun 28, 2012
Messages
3,511
Reaction score
1,654
Brute Force Attacks Build WordPress Botnet
Krebs On Security
April 12, 2013

Security experts are warning that an escalating series of online attacks designed to break into poorly-secured WordPress blogs is fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers.

Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today (this blog also runs WordPress).

According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.

This, as you can see by the dateline, is not a brand new story but it is continuing to grow as a threat, with several hosting services being hit by the botnet in a search for vulnerable WordPress installation, at a rate which amounts to a Disributed Denial of Service attack:

Indeed, this was the message driven home Thursday in a blog post from Houston, Texas based HostGator, one of the largest hosting providers in the United States. The company’s data suggests that the botnet of infected WordPress installations now includes more than 90,000 compromised sites.

“As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence,” wrote HostGator’s Sean Valant. ”This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.”

HostGator’s Valant urged WordPress administrators to change their passwords to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*). For more on picking strong passwords, see this tutorial. Users can also restrict access to wp-admin so that it is only reachable from specific IP addresses.
 

djbaxter

Administrator
Administrator
Moderator
Joined
Jun 28, 2012
Messages
3,511
Reaction score
1,654
This is just one recent example from today:

Multiple Servers Instability/Outages due to WordPress attacks
A Small Orange Hosting Status Updates
January 16, 2014

Today, multiple servers have undergone a few heavy WordPress brute force attacks which are caused instability for some servers and a heavy load on those servers services, leading to some outages and pockets of downtime. Our Tech team is continuing to work on filtering and shielding these servers from these attacks.

As servers are affected, we will post the servers here. Today, we have seen attacks against Merle, Morrow, Franklin, and Drrockso. Currently, all ASO servers appear stable though we do have some indications the attack itself as a whole is not fully over.

For more information about this type of attack, why it is perpetrated, and what it's ultimate goal is you can read this article, which explains in layman's terms the attack, and its affect on web servers. Brute Force Attacks Build WordPress Botnet — Krebs on Security

We again encourage you to utilize best practices with your WordPress site, which include:

 

Linda Buquet

Moderator
Local Search Expert
Joined
Jun 28, 2012
Messages
13,312
Reaction score
4,241
Scary scary stuff.

Thanks for posting to be sure everyone knows about this David.

I didn't until you told me. Now I'm worried about my blogs which I have not updated for awhile since I don't use them anymore. But I don't want them compromised either. YIKES!
 
Similar threads
Thread starter Title Forum Replies Date
djbaxter WordPress: The NoneNone Brute Force Attacks: Currently Active Websites, Software, and Security 0
Dan Foland Has anyone else been experiencing a rise in Brute Force attacks on WordPress recently? Websites, Software, and Security 4
djbaxter Marked jump in brute force attacks against WordPress sites Organic SEO 0
djbaxter How To Use the new noindex and force redirect custom addon for threads Admin Stuff 0
djbaxter Testing new noindex and force redirect custom addon by TickTackk Admin Stuff 0
djbaxter NEW Forcing a link to NOFOLLOW How To Guides 0
Annika Neudecker Microsoft forcing Office ProPlus users to Bing Paid Search and Local Service Ads 5
djbaxter Custom BBCode to force nofollow links Local Search Experts Forum 0
Diogo Ordacowski GMB Messages - Now Forcing Setup Through Google Play or App Store Install on mobile phone? Google My Business & Google Maps 4
djbaxter CEO sentenced to prison for attempt to force Google to remove defamatory reviews Local Reviews 4
Lloyd Silver Messy Situation: NAP inconsistencies and a suboptimal forced official website Help & Support for Google Local 2
JoyHawkins How to Force Google to Change the Radius on the Map Google My Business & Google Maps 3
HurricaneK8 More Toronto condo spam! Help fight the forces of evil! Spam on Google 4
V Updated address, never showed, called to fix. forced to google+ Disapeared Google My Business & Google Maps 7
J Being forced to hide the address of a retail location Service Area Businesses 2
johncrenshaw Being forced to hide the address of a retail location Service Area Businesses 2
KungFuBacklinks Google Plus Business Page - Being FORCED to Verify?? Google My Business & Google Maps 15
Mike Wilton Google+ Local Now Forcing G+ Business Merges? Google My Business & Google Maps 9
S Demand Force and other similar companies Local Reviews 14
Travis Van Slooten Google Maps Cash System Forces Your Site Onto Google's First Page! Local Search 12
djbaxter WordPress Sites Targeted in Large-Scale Attacks Websites, Software, and Security 0
CraigJMount COVID-19 Business Review Attacks Local Search 1
djbaxter Active Attack on Duplicator Plugin Vulnerability Websites, Software, and Security 0
Tiggerito Unfortunate event has triggered review and image attacks across multiple listings Help & Support for Google Local 6
Jorge Spammer attacks again. Tired of reporting GMB Help & Support for Google Local 27
JBencsko GMB Spam Attack Spam on Google 11
djbaxter WordPress Rich Reviews Plugin Under Active Attack Websites, Software, and Security 1
djbaxter Malicious WordPress Redirect Campaign Attacking Several Plugins Websites, Software, and Security 1
S When a business is attacked via GMB ratings Ranking Puzzles 20
A Negative Review Attack Local Reviews 9
WAHamilton Negative Review Attack on Client GMB Page Local Reviews 16
djbaxter Criminal biker gang Nomads attacking businesses with 1-star reviews Local Reviews 3
djbaxter Chrome Extension Attacks Target Site Owners Forum Tech Support 1
djbaxter Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites Forum Tech Support 7
Linda Buquet Twitter, Reddit and Many Other Sites Down due to Major DDoS Attack Marketing 3
Linda Buquet Jeweler Attacked by Hundreds of Fake 1 Star Reviews - Facebook Refuses to Act Local Reviews 2
Linda Buquet Warning: Google Blocks Thousands Of WordPress Sites - Malware Attack - Check Clients Websites, Software, and Security 2
A Banned for Attacking Member (Yext) Recycle Bin 1
Dustybones How To Spot a Real Negative SEO Attack Local Search 1
Dustybones Have you been hit with a negative SEO attack? Local Search 4
R A starter plan for attacking Local Search Local Search 9
H Bad Spam Attack Recycle Bin 2
Linda Buquet Re: Attack of the Bad Google Local One-Boxes? Other Algo Changes? Recycle Bin 0
Linda Buquet Attack of the Bad Google Local One-Boxes! Google My Business & Google Maps 93
djbaxter WordPress, Joomla, etc., under attack Websites, Software, and Security 1

Similar threads

Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

Most UpVoted Answers

LocalU Podcasts

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Google Product Exert


Top Bottom