Bots Attacking WP

18 replies [Last post]
Offline
Joined:
05/22/2008

Ok don't know if many of you use Word press or not...but I sure do and lately have been having all sorts of issues with it on various servers. The reason....bot attacks!  Little did I know.

WordPress hit by massive botnet: Worse to come, experts warn
Summary: A massive botnet of tens of thousands of machines is attempting to hack in to weak password protected "admin" accounts of the popular blogging platform.Zack Whittaker

By Zack Whittaker for Zero Day | April 15, 2013 -- 15:15 GMT (08:15 PDT)

Blogging and website platform WordPress has been hit by a massive botnet of tens of thousands of computers, but it could be just the surface of a wider, larger attack.

Screen Shot 2013-04-15 at 11.10.10WordPress.com home page. (Image: Screenshot by Zack Whittaker/ZDNet)
The performance and security firm CloudFare warned in a blog post today that the unknown attacker is using a "relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," suggesting a calm before a heavier storm.

The botnet is attempting to "brute force" attack WordPress websites using the username "admin", with thousands of different passwords. The botnet of machines — often individual machines infected with malware and subscribed to target servers and websites with vast amounts of data — is being used to hack web-based WordPress installations.

This botnet channels some bandwidth from individual computers infected with malware, which in mass and collectively can cause the overloading of servers. Typically, this kind of attack is either used by willing participants to cause a distributed denial-of-service (DDoS) attack against websites to force them offline, or by "slave" computers that can be used to carry out hacking attempts.

It comes only a week after WordPress enhanced user security by rolling out an optional two-factor authentication system.

WordPress founder Matt Mullenwag criticized those who were offering "solutions" to the problem, such as CloudFare, and instead suggested changing default usernames as an additional step to protect their WordPress accounts.

"If you still use 'admin' as a username on your blog, change it, use a strong password, if you're on WordPress.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress," he said.

"Do this and you’ll be ahead of 99 percent of sites out there and probably never have a problem."

WordPress remains a large target for hackers, which has around 64 million individual blogs and websites, with more than 370 million readers each month. Alexa ranks the blogging network as the 21 most visited site in the world

Follow this link to see how to set up a new user login

http://www.digitalkonline.com/blog/change-your-wordpress-admin-username/

Arks's picture
Offline
Joined:
05/22/2010

Wow! I've had the occasional IP address blocked by Better WP Secuirty before but tonight I've had like 40 addresses blocked for too many failed login attempts to my site. WP is under attack tonight...or at least I am!

__________________

All saints can do miracles, but few of them can keep hotel. ~ Mark Twain

 

Offline
Joined:
08/18/2011

I have a few different WordPress sites and see different attack patterns.  Normally my sites block 2-3 IPs/day for failed login attempts.  I did have one case though with an attacker with basically unlimited IPs coming after one site.  I ended up renaming the login page, wp-login.php, temporarily (probably was a day or two).  When I put it back to wp-login.php the attack had stopped.  I assume they gave up when they could no longer access the login page.

Madeleine's picture
Offline
Joined:
09/29/2011

Ouch!

__________________

Everyday, for good or ill, we intersect with some else's story and become a part of it.

 

Arks's picture
Offline
Joined:
05/22/2010

I installed Better WP Security yesterday and today received two notices that a couple of IP addresses have been locked out due to too many failed login attempts. I assume it's the new security plugin doing this.

So cool! Bots have apparently been trying regularly to log into my WP account and I didn't know it. Now Better WP Security is watching out for me! I like!!

swirt's picture
Offline
Joined:
05/17/2008

I highly recommend the plugin "WP Better Security"

Very powerful... checks and alters "admin" as well as ~30 other vulnerabilities.

http://wordpress.org/extend/plugins/better-wp-security/

Also EmptyNest, for sites that are not yours, this plugin can force your clients to have to use strong passwords so that they don't endanger themselves with weak ones.

Offline
Joined:
05/22/2008

For the most part, my clients don't do anything with their sites much less change a password. So I look out for them Smiling

gillumhouse's picture
Offline
Joined:
05/22/2008

Thankfully, I did not use an admin WP. Does it matter that it is on the admin of my web site to get to it? Blog is a page and then i have to go ID & password to get into it to post etc. Every time I allow comments on my blog, all I get are trashy spans to have to delete. Just takes time to have to go in and not approve them. I am getting so I just do not allow comments and that is sad.

Madeleine's picture
Offline
Joined:
09/29/2011

Thanks, will do this today.

Arks's picture
Offline
Joined:
05/22/2010

Done! Thanks JB, and "Catlady" Eye-wink

Offline
Joined:
05/22/2008

You are welcome. This has been driving me crazy for a week. So now I know. However, now I have to go back to dozens of sites and make the changes...and then figure out new emails for the owners Sad Grrrrrr.

Arks's picture
Offline
Joined:
05/22/2010

EmptyNest wrote:

You are welcome. This has been driving me crazy for a week. So now I know. However, now I have to go back to dozens of sites and make the changes...and then figure out new emails for the owners Sad Grrrrrr.

Why figure out new emails? (no, I didn't read the whole article)

Offline
Joined:
05/22/2008

When you put in a new admin, you cannot use the same email associated with the previous admin.

Arks's picture
Offline
Joined:
05/22/2010

EmptyNest wrote:

When you put in a new admin, you cannot use the same email associated with the previous admin.

Worked fine for me. First I edited the old admin user, changed e-mail address to "anything else", then put in the new admin with the email the old admin acct. used, then deleted the old admin account. So the new admin acct. uses the old admin e-mail address.

Offline
Joined:
05/22/2008

good one. I will try that. I hate to have to change all the emails. That will work. Thanks!

Arks's picture
Offline
Joined:
05/22/2010

I was going to beef up my username but in Profile, WP is saying "usernames cannot be changed".

Ah, how I long for the simpler days when WP meant WordPerfect!!

Offline
Joined:
10/07/2008

Arkansawyer wrote:

I was going to beef up my username but in Profile, WP is saying "usernames cannot be changed".

Ah, how I long for the simpler days when WP meant WordPerfect!!

See Catlady's link, it is super easy, Create a new user make it ADMIN, then log out and go back and delete the first.

It will ask if you want to attribute all your posts to the new one, you say yes. Done deal.

__________________

Gluten free is never free. - Joey Bloggs

 

Offline
Joined:
10/07/2008

I changed my user and password, yes I was using "Admin-SAL".

We had some issues a while back, so thanks for the heads up.

Offline
Joined:
06/24/2008

Thanks for the article clarifying the problem.  While we do not use Wordpress for our websites, our servers are being affected.  Our host has been working on these matters for over a week to get back to stability.  It seems the host has made some progress (fingers crossed).  We have been unable to make any changes to our sites while they combated this problem. 

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.