A highly distributed attack targeting websites running the WordPress application has been detected. The attack uses a method of password guessing known as brute force: it tries combinations drawn from 1000 of the most common usernames and passwords in order to gain access through the WordPress administrative console.
WordPress is one of the largest blogging applications on the planet and is currently responsible for powering over 64 million blogs worldwide (according to WordPress on 15th April 2013). At the time of writing the identity of those responsible is unknown; however, analysts are reporting that over 90,000 IP addresses are being used to bombard WordPress-powered sites in what is being described as one of the most powerful and destructive botnets ever seen. The most familiar example of a botnet attack is the recent distributed denial of service (DDoS) attacks targeting some of the world's largest banks.
Speaking to KrebsOnSecurity, Marc Gaffan of hosting provider Incapsula says:
“It’s hurting the service providers the most, not just with incoming traffic, but as soon as those servers get hacked, they are now bombarding other servers with attack traffic. We’re talking about Web servers, not home PCs. PCs may be connected to the Internet with a 10 megabit or 20 megabit line, but the best hosting providers have essentially unlimited Internet bandwidth. We think they’re building an army of zombies, big servers to bombard other targets for a bigger cause down the road.”
Essentially, once a site has been hacked the botnet installs a backdoor into it, meaning that even if the blogger changes their password the attacker can still control the website. The infected blogs are then used to attack other sites.
Another hosting company, one of the largest based in the U.S., HostGator, posted a blog stating:
“As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.”
WordPress itself released a recommendation to bloggers still using the “admin” username (this was the default username for all bloggers in older versions of WordPress), stating:
“Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”
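The attack described above is distributed precisely so that each source address makes only a handful of guesses, which is why a per-IP lockout threshold tends to miss it while a site-wide count of distinct failing addresses does not. The following script is an added example for defenders and is not code from the original article or from WordPress or Backup Technology; it runs over a few constructed Apache-style access log lines and relies on one observable WordPress behaviour: a failed POST to wp-login.php re-renders the login form with HTTP 200, whereas a successful login answers with a 302 redirect to the dashboard. The thresholds and the sample addresses are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format (not real traffic).
# Four addresses each make one or two failed guesses against wp-login.php,
# one address logs in normally, and one logs in only after a failed guess.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Apr/2013:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.11 - - [15/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Apr/2013:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Apr/2013:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.12 - - [15/Apr/2013:10:01:05 +0000] "GET /?p=12 HTTP/1.1" 200 5020 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Apr/2013:10:01:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields we need: client IP, request method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict of ip/ts/method/path/status, or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyse(log_text, per_ip_threshold=5, distinct_ip_threshold=3):
    """Summarise login activity against wp-login.php.

    Heuristic (assumed from WordPress behaviour): POST + 200 = failed login,
    POST + 301/302 = successful login. Both thresholds are illustrative.
    """
    failed = Counter()          # ip -> number of failed logins
    succeeded = Counter()       # ip -> number of successful logins
    suspicious = []             # ips that succeeded after at least one failure
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["path"].startswith("/wp-login.php"):
            continue
        ip = rec["ip"]
        if rec["status"] == 200:
            failed[ip] += 1
        elif rec["status"] in (301, 302):
            succeeded[ip] += 1
            if failed[ip] and ip not in suspicious:
                suspicious.append(ip)
    # Per-IP view: what a simple lockout rule would see.
    noisy_ips = sorted(ip for ip, n in failed.items() if n >= per_ip_threshold)
    # Site-wide view: many distinct addresses failing is the distributed signature.
    distributed = len(failed) >= distinct_ip_threshold
    return {
        "failed_by_ip": dict(failed),
        "succeeded_by_ip": dict(succeeded),
        "noisy_ips": noisy_ips,
        "distinct_failing_ips": len(failed),
        "distributed": distributed,
        "suspicious_successes": suspicious,
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("per-IP lockout would flag:", result["noisy_ips"] or "nothing")
    print("distinct failing IPs:", result["distinct_failing_ips"],
          "-> distributed brute force" if result["distributed"] else "")
    print("logins following failures (check these accounts):",
          result["suspicious_successes"])
```

On the sample, the per-IP rule flags nothing because no address exceeds five attempts, while the site-wide count sees four distinct failing addresses and raises the alert; the one address that logged in after a failed guess is listed separately, since that is the account a defender would want to check (and, per the recommendation above, rotate the password on and look for an added backdoor).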
To help the blogging community, Backup Technology provides a free WordPress plugin with 100MB of space to back up valuable website data. By implementing the recommendations of WordPress and by regularly backing up your important WordPress data, you can rest assured you are fully covered if the worst happens to your blog.
Protect your blog today by clicking this link to download the plugin and follow the simple installation instructions.