We have previously posted about the Global Attack on WordPress Sites.
There is an ongoing, highly distributed, global attack on WordPress installations that aims to crack open admin accounts and inject various malicious scripts.
The purpose of the attack isn't entirely clear, but as security researcher Brian Krebs reports, most of the attacks currently seem to be sourced from PCs, not servers. The attack appears to install a "backdoor [that] lets the attackers control the site remotely." Those backdoors will presumably be used for a follow-up attack at a later date and, since compromised web servers have far more bandwidth than home PCs, could in theory cause more damage than a PC-based botnet attack.
Various sources around the world report that a network of more than 90,000 IP addresses has been targeting WordPress installations with a brute-force attack, attempting to gain access by trying many passwords against the default "admin" username. Several prominent hosting providers report that the scale of the current attack is much larger than usual. CloudFlare told The Next Web that it had blocked 60 million requests in the past hour. HostGator describes it as a "global attack on WordPress installations across virtually every web host in existence."
If you run a WordPress blog, strengthen your administrator passwords as a first step. We have already shared various other methods for hardening WordPress security.
Word from the anti-DDoS world is the same: a botnet is responsible, with estimates of "up to 90,000," "more than tens of thousands," and "up to 100,000" infected computers (all of those figures can be true at the same time, of course) orchestrating the login attempts.
Since it would take too long to try every possible username and password on every known WordPress or Joomla server, this onslaught uses what is known as a dictionary attack.
That is where an attacker settles on a list of the most likely usernames and passwords and tries those in quick succession.
The idea is simple: automate the password guessing, speed up the attack, and don’t spend too long on any individual site.
Look for the low-hanging fruit, and harvest it as quickly as you can; if you can’t get in within a few hundred or thousand attempts, move on to the next potential victim.
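A detection check for the pattern just described, added here as an example and not part of the original post. It parses Apache/nginx combined-format access log lines (the sample data is constructed, not real traffic), treats a POST to wp-login.php answered with HTTP 200 as a failed login (WordPress re-renders the form on failure and answers a successful login with a 302 redirect), and flags two things: a single noisy IP, and the distributed case in which many IPs each make only a handful of guesses before moving on, which a per-IP threshold alone would miss. The thresholds, window size and IP addresses are illustrative assumptions.

```python
"""Spot wp-login.php brute forcing in web server access logs.

Added example, not from the original article. Assumes the Apache/nginx
"combined" log format and WordPress's usual behaviour: a failed POST to
wp-login.php is answered with HTTP 200 (the form is re-rendered), a
successful one with a 302 redirect. Thresholds and IPs are illustrative.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    path = m["path"].split("?", 1)[0]          # ignore any query string
    return m["ip"], ts, m["method"], path, int(m["status"])


def failed_logins(lines):
    """Yield (ip, timestamp) for every request that looks like a failed login."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method == "POST" and path.endswith("/wp-login.php") and status == 200:
            yield ip, ts


def detect(lines, window=timedelta(minutes=5), per_ip_threshold=20, site_threshold=50):
    """Sliding-window analysis of failed logins.

    noisy_ips:   IPs with >= per_ip_threshold failures inside one window
                 (the classic single-source brute force).
    distributed: True if IPs that each stay *below* per_ip_threshold still
                 add up to >= site_threshold failures inside one window,
                 i.e. many bots making a few guesses each.
    """
    events = sorted(failed_logins(lines), key=lambda e: e[1])
    per_ip = Counter()
    noisy_ips, distributed, start = set(), False, 0
    for ip, ts in events:
        per_ip[ip] += 1
        while events[start][1] < ts - window:    # expire events older than the window
            old_ip = events[start][0]
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
            start += 1
        if per_ip[ip] >= per_ip_threshold:
            noisy_ips.add(ip)
        quiet_total = sum(c for c in per_ip.values() if c < per_ip_threshold)
        if quiet_total >= site_threshold:
            distributed = True
    return {"failed_attempts": len(events), "noisy_ips": noisy_ips,
            "distributed": distributed}


# --- constructed sample log (not real traffic) ---------------------------
BASE = datetime(2013, 4, 12, 10, 0, 0, tzinfo=timezone.utc)


def _line(ip, secs, method="POST", path="/wp-login.php", status=200):
    ts = (BASE + timedelta(seconds=secs)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 3421 "-" "Mozilla/5.0"'


SAMPLE_LOG = (
    # one loud bot: 25 guesses in 25 seconds
    [_line("203.0.113.10", s) for s in range(25)]
    # thirty quiet bots: two guesses each, then they move on to the next site
    + [_line(f"198.51.100.{i}", 30 + i) for i in range(1, 31)]
    + [_line(f"198.51.100.{i}", 60 + i) for i in range(1, 31)]
    # benign traffic that must not be counted
    + [_line("192.0.2.1", 5, method="GET"),                    # loading the form
       _line("192.0.2.1", 9, status=302),                       # successful login
       _line("192.0.2.7", 12, method="GET", path="/index.php"),
       "not a log line at all"]
)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Run against a real log with `detect(open("/var/log/apache2/access.log"))`; the loud IP is the one a fail2ban-style rule would block, while the `distributed` flag is what tells you a per-IP ban list is not enough and the login endpoint itself needs protection (strong passwords, a non-default admin username, or access restrictions at the host).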
We strongly recommend that you back up your WordPress installation, just in case anything goes wrong, change the admin username (the attack specifically targets the default "admin" account) and choose stronger passwords, and consult your web host and follow its security measures to safeguard your WordPress installation.