Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

WordPress sites under massive brute-force attack

Any owner of WordPress site is shaking causes of the threat that someone could steal its credentials, everybody would do well to ask themselves if their passwords are really strong and to make sure to don’t use as username the word “admin.” The reports published by CloudFlare and HostGator revealed a massive attack being launched against WordPress blogs […]

wordpress plugins

Any owner of WordPress site is shaking causes of the threat that someone could steal its credentials, everybody would do well to ask themselves if their passwords are really strong and to make sure to don’t use as username the word “admin.”

The reports published by CloudFlare and HostGator revealed a massive attack being launched against WordPress blogs all over the Internet, the alert is related to a massive brute-force dictionary-based attack that could expose the password for the ‘admin’ account of every WordPress site.

“At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).”Hostgator recommended to its users.

CloudFlare CEO Matthew Prince revealed to the Tech Crunch web site that the attackers used a botnet composed of about 100,000 bots  and almost every WordPress site on its networks has been attacked.

The position of HostGator is not different, the company revealed a structured attack that originated at least from 90,000 different machines.

According Sucuri study:

“As you can see from our numbers, we were seeing 30 to 40 thousand attacks per day the last few months. In April 2013, it increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days.” 

The situation is critical for various reasons, the exposure of WordPress password could open the doors to the attacker that could hit the web site targeted and in case the password is shared between various web services he could gather the access to further precious information.

CloudFlare experts believe that attackers are still arranging their offensive trying to recruit new machine and building a larger botnet to involve a further attack, the security team is convinced that the botnet is actually composed by Home PCs having reduced capabilities.

Hosting providers of all the world are implementing measures to protect their assets and customers against the attacks, a good defense could be for example the installation of a plug in that limit the number of login attempts from the same source (e.g. Wordfence Security) and of course it is suggested to adopt strong passwords.

WordPress founder Matt Mullenweg declared that another good measure to mitigate the attack is the change of ‘admin’ username.

It’s not first time that hackers hit the popular WordPress, in 2012 a flaw in outdated version of TimThumb, a php script for cropping, zooming and resizing web images used as the default by many WordPress templates exposed the community to a serious threat.

It’s also suggested to all site hosted on WordPress.com to activate two-factor authentication to improve overall security, other good practices are the use .htaccess to protect the admin area and rename of login pages.

Pierluigi Paganini

(Security Affairs – Hacking)