• vehicros

    (@vehicros)


    In the past 6-8 weeks I noticed the server which stores my websites including around 30 wordpress sites, to be running slow, and acting very unusual. And each time I contacted the hosting provider, they claimed everything was fine, and that they did not notice anything.

    During the course of 6-8 weeks, the downtime became worse, and still the hosting provider claimed nothing was wrong.

    Then, sometime around the weekend of April 12 2013, I noticed I was not able to log into the majority of my wordpress installations, nor was I able to use the password reset feature, it simply was not found. I knew my passwords were correct, but I still was not able to log in.

    After several attempts to correct the issue myself by either reinstalling backup files and database, and even creating a new wordpress installation, I realized the solution would not be easy.

    It wasn't until I contacted a different hosting provider that I was informed of the Mass Brute-force Botnet Attack.

    Although the majority of information published says only sites using “admin” as the username were affected, which is not true at all.

    NONE of my wordpress installations use admin as the username, and still they were not only hacked, preventing me from logging in, but also from using the lost password function.

    It is believed that the attacks are still continuing as we speak.

    Also note, it is NOT advisable to use plugins to prevent this sort of attack, it could only make matters worse.

    Also, the thing that bothers me the most is the fact that nothing other than one very small paragraph about the attack was noted on the wordpress.org site.

    I have to ask, Why is this critical information not shared via the wordpress site?

Viewing 1 replies (of 1 total)
  • Mark Ratledge

    (@songdogtech)

    @vehicros said:

    Why is this critical information not shared via the wordpress site?

    Did you read the sticky post at the top of the How-To and Troubleshooting forum?

    and also said:

    Although the majority of information published says only sites using “admin” as the username were affected, which is not true at all

    Your site(s) got hacked from some other vector, probably from insecure accounts on the same server.

    and also said:

    During the course of 6-8 weeks, the downtime became worse, and still the hosting provider claimed nothing was wrong.

    That’s the host, not WordPress.

    and also said:

    Also note, it is NOT advisable to use plugins to prevent this sort of attack, it could only make matters worse.

    That’s completely wrong.

    From http://wordpress.org/support/topic/brute-force-attacks-and-wordpress?replies=2 :

    It’s important to remember that this kind of attack is not specific to WordPress. WordPress is just too darn popular. If you’re getting really hammered and can’t even get to your server to install plugins or tweak .htaccess, contact your webhost immediately. They’re the ones who can help you best in that moment.

    Which is true, for all CMS’s. If everyone looked at their web site error logs, they’d see constant attacks 24/7/365 by all kinds of bots and hackers, not only the most recent WordPress-focused attacks.

    And http://codex.wordpress.org/Brute_Force_Attacks :

    (the attacks) are, in short, an attack on the weakest link in any website’s security: You…. This sort of attack is not endemic to WordPress, it happens with every webapp out there, but WordPress is popular and thus a frequent target.

    And http://ma.tt/2013/04/passwords-and-brute-force/

    Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username.

  • The topic ‘WordPress Targeted by Mass Brute-force Botnet Attack’ is closed to new replies.
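
The reply's point about reading your own logs, as an added example that is not part of the original thread: a scan of a web server access log for POSTs to wp-login.php, reporting both single-address bursts and the site-wide peak, since a botnet spreads its guesses over many addresses and stays under any per-IP limit. It assumes the combined log format and a time-ordered log; the function names, the 5-minute window, the per-IP limit and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def login_posts(lines):
    """Yield (time, ip, status) for each POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and \
                m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], int(m["status"])

def analyse(lines, window=timedelta(minutes=5), per_ip_limit=5):
    """Scan a time-ordered log; report per-IP bursts and the site-wide peak."""
    per_ip, recent = defaultdict(deque), deque()
    report = {"noisy_ips": set(), "peak_posts": 0, "peak_sources": 0,
              "redirected": set()}
    for ts, ip, status in login_posts(lines):
        per_ip[ip].append(ts)
        while ts - per_ip[ip][0] > window:
            per_ip[ip].popleft()
        recent.append((ts, ip))
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            report["noisy_ips"].add(ip)
        if len(recent) > report["peak_posts"]:
            report["peak_posts"] = len(recent)
            report["peak_sources"] = len({src for _, src in recent})
        if status == 302:  # heuristic: a redirect usually follows an accepted login
            report["redirected"].add(ip)
    return report

def sample_line(ip, second, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line (documentation-range addresses)."""
    return (f'{ip} - - [13/Apr/2013:10:{second // 60:02d}:{second % 60:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3120 "-" "Mozilla/5.0"')

# Constructed sample: 12 addresses, one guess each, 10 seconds apart,
# plus ordinary traffic that must not be counted.
SAMPLE = [sample_line(f"198.51.100.{i}", i * 10) for i in range(1, 13)]
SAMPLE += [sample_line("192.0.2.7", 125, "GET", "/wp-login.php"),
           sample_line("192.0.2.7", 130, "GET", "/")]

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On the sample, no address is flagged as noisy while the site-wide peak is 12 login POSTs from 12 sources in one window, which is the pattern to alert on. Addresses listed under `redirected` deserve a closer look, because a redirect after a login POST usually means the credentials were accepted.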