Global DDOS Attack on WordPress Sites


One of the signs of a good webhost is that they keep you up to date on important stuff…

On 9th April I was informed by my hosting company that they were experiencing a pretty big “Brute Force Attack” and that they were taking pro-active action to mitigate the effects.

As it happens, neither of my dedicated servers, nor my VPS, have had any downtime since the attack began. That’s what you get from using a good web host company.

My blogs have not been hacked either, as I have secured them as per the BlogDefender.com WP security process. It works. 🙂

Now it turns out that this attack is one of the most significant ever, simply because of its scale. The “Botnet” in question is using over 90,000 unique IP addresses (from compromised/hacked computers across the world) and attacking a large number of hosts across the globe, specifically targeting WordPress sites.

Sucuri.net have seen brute force login attempts increase from 31k per day last month to over twice that, at 77,410 per day this month!

In fact they say that brute force attacks against WordPress have trebled in recent months!!!

And here’s a quote from HostGator’s blog:

“there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.”

Some hosts have had to go to pretty extreme measures to keep their servers and their customers’ sites up and running, even going so far as to globally disable access to wp-login.php on sites, so their owners are locked out until the host can put a better solution in place.

Again, neither of my dedicated servers had this happen, as both hosting companies were able to deal with the problem in other ways, without causing clients like myself a problem.

This botnet is mainly targeting /wp-login.php and /wp-admin to try to get access using brute force, and obviously the main target for login attempts is the username “admin”.
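As an added example (not part of the original post), this script shows how a site owner could spot this pattern in a web server access log: many POSTs to wp-login.php spread thinly across many source IPs, which per-IP lockouts alone will not catch. The log lines are constructed, and the function names, thresholds and the 200/302 interpretation are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache/nginx "combined" format (documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2013:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2013:03:15:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Apr/2013:03:15:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Apr/2013:03:16:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Apr/2013:03:16:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.200 - - [12/Apr/2013:09:02:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d{2}):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def summarize_login_posts(lines):
    """Per hour: POSTs to wp-login.php, distinct source IPs, and 302 responses."""
    hours = defaultdict(lambda: {"attempts": 0, "ips": set(), "redirects": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        b = hours[f'{m["day"]} {m["hour"]}']
        b["attempts"] += 1
        b["ips"].add(m["ip"])
        # Assumption: a failed WordPress login re-renders the form (200) and a
        # successful one redirects (302), so 302s during a flood need review.
        b["redirects"] += int(m["status"] == "302")
    return hours

def flag_distributed(hours, min_attempts=5, max_per_ip=2.0):
    """Hours with many attempts spread thinly over many IPs (illustrative thresholds)."""
    flagged = []
    for hour, b in sorted(hours.items()):
        if b["attempts"] >= min_attempts and b["attempts"] / len(b["ips"]) <= max_per_ip:
            flagged.append((hour, b["attempts"], len(b["ips"]), b["redirects"]))
    return flagged

if __name__ == "__main__":
    for hour, attempts, ips, redirects in flag_distributed(summarize_login_posts(SAMPLE_LOG)):
        print(f"{hour}:00  {attempts} login POSTs from {ips} IPs, {redirects} got a 302")
```

On a real site the thresholds would need tuning to normal login volume, and any 302 in a flagged hour is a prompt to check which account logged in and from where.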

The top passwords targeted include some fairly obvious ones. Make sure you’re not using something as weak as any of these:

admin
123456
666666
111111
12345678
qwerty
1234567
password
12345
123
123qwe
123admin
12345qwe
12369874
123123
1234qwer
1234abcd
123654
123qwe123qwe
123abc
3123qweasd
123abc123
12345qwert

If you are using something like this then you may already be hacked…

We’ll be sending out an update to BlogDefender.com members shortly on how to check to see if you have been compromised.

So what about some practical advice…

The most important thing you can do right now is:

1. Make sure you have a super strong password
2. Check out BlogDefender.com for a full, step by step, WordPress security tutorial.

Extras:

1. Delete any unused plugins & themes
2. Set up an “admin” that doesn’t use the name “admin”, and delete the one that does
3. Make sure all your plugins, themes & version of WP are up to date


Sources:
http://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html
http://www.siliconrepublic.com/strategy/item/32269-massive-brute-force-attack/
http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/
https://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/
http://www.bbc.co.uk/news/technology-22152296

Recommended Hosting:

Unixy
LiquidWeb
