Wide-scale attack against WordPress blogs reported
Hackers may be building a more powerful botnet for subsequent, larger attacks
IDG News Service - Unidentified hackers are said to have have launched a large-scale attack against WordPress blogs and any hosts using weak passwords are urged to update them immediately.
Security firms have been tracking an escalating number of "brute force" attacks against WordPress installations, which have been trying out logins such as "admin" and then running through thousands of commonly-used passwords to try to break in.
"One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," security and website performance firm CloudFlare said in a post Friday.
Security firm Incapsula told security blog KrebsOnSecurity that infected sites are seeded with a backdoor that gives the attackers remote control of the site. "The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress," the site reported.
Hosting site HostGator also warned of the attack.
"As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence," HostGator said in a post.
"This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack," it said.
It advised anyone with WordPress installation to update their password immediately to one that meets the requirements on the WordPress website.
The attack gathered steam last week, died off somewhat and picked up again Thursday morning, it said. Symptoms of the attack are slow back-end performance or an inability to log in. In some cases sites may be inaccessible for a short time, it said.
HostGator said it was trying to mitigate the attack through its server farm but that it could only do so much.
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Cloud Computing Drives IT and Business Agility Hybrid Cloud Accelerates Time to Value What is the main focus for IT in your organization - cost or agility? Many IT discussions today focus on cost controls rather...
- Infographic:10 Reasons to Choose vCloud Air Looking to create an agile, productive, and efficient IT environment? Read this simple infographic to learn about the benefits that VMware vCloud® Air™...
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics...
- Cloud BI Overview: Jaspersoft for AWS Check out this overview of Jaspersoft for AWS, to easily and affordably build business intelligence solutions as well as embed visualizations and analytics... All Cyberwarfare White Papers | Webcasts