
WordPress Sites Face Major Brute Force Attack

A large distributed brute force attack is underway targeting WordPress sites. A botnet of more than 90,000 servers, at last count, is attempting to gain access to WordPress sites by brute-forcing their logins.

According to Web site security firm Incapsula this botnet is attempting to log in to WordPress dashboards using a custom list of 1,000 of the most common username and password combinations. Infected sites are then seeded with a backdoor that allows the attackers to control the site remotely (even after the owner changes their passwords), and the compromised WordPress site is then used to launch further attacks on other WordPress sites.

This is a global issue affecting all Web Host Providers. Major hosts such as HostGator, InMotion Hosting, Melbourne Server Hosting, and LiquidWeb have all reported experiencing these attacks. Scarab Media first witnessed these attacks on WordPress sites we host early yesterday (Thursday, April 11th, 2013) and took immediate action to block them.

This is not the first large-scale attack directed against WordPress sites. In October 2012 WordPress.com disclosed that 50,000+ WordPress sites were successfully compromised.

Scarab Media installs the “Limit Login Attempts” plugin with all of our default WordPress installations. If you have disabled this plugin in your WordPress installation you may want to consider re-enabling it immediately. We also routinely block the entire ‘Class C Network’ range (the /24 block) of brute force attackers when they are detected on our network. At last count we have blocked over 1,160,760 IP addresses world-wide from accessing Scarab Media Web Servers due to abuse.
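The two measures above (limiting login attempts per source and blocking the whole ‘Class C’ range once a source trips the limit) can be checked against your own web server logs. The following script is an added example, not code from Scarab Media or from the Limit Login Attempts plugin. It assumes Apache-style combined access logs and uses a heuristic that fits stock WordPress: a failed login POST to wp-login.php gets an HTTP 200 (the form is re-rendered with an error), while a successful one gets a 302 redirect to the dashboard. The thresholds and the log lines are constructed for illustration.

```python
"""Spot WordPress login brute-force sources in Apache-style access logs.

Heuristic (stock WordPress, no login plugins altering responses):
  POST /wp-login.php -> 200  : failed login (form re-rendered with error)
  POST /wp-login.php -> 302  : successful login (redirect to wp-admin)
Counting 200 responses to login POSTs per source IP approximates failed
attempts; aggregating per /24 mirrors the 'Class C' blocking described above.
All thresholds and sample lines are constructed for this example.
"""
import ipaddress
import re
from collections import Counter

# Apache "combined" log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))


def failed_logins(lines):
    """Count failed wp-login.php POSTs (status 200) per source IP."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, path, status = parsed
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200:
            counts[ip] += 1
    return counts


def flag_sources(counts, per_ip_limit=5, per_net_limit=10):
    """Return (IPs over the per-IP limit, /24 networks over the per-network limit).

    The per-network view catches a botnet spreading attempts across hosts in the
    same range so that no single address trips the per-IP limit.
    """
    bad_ips = {ip for ip, n in counts.items() if n >= per_ip_limit}
    per_net = Counter()
    for ip, n in counts.items():
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        per_net[str(net)] += n
    bad_nets = {net for net, n in per_net.items() if n >= per_net_limit}
    return bad_ips, bad_nets


def analyze(log_text, per_ip_limit=5, per_net_limit=10):
    """Run the whole pipeline over raw log text."""
    counts = failed_logins(log_text.splitlines())
    bad_ips, bad_nets = flag_sources(counts, per_ip_limit, per_net_limit)
    return counts, bad_ips, bad_nets


def _line(ip, method, path, status, sec):
    """Build one constructed log line (documentation-range IPs, fixed date)."""
    return (f'{ip} - - [11/Apr/2013:08:01:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3456 "-" "Mozilla/5.0"')


# Constructed sample: two bots in one /24, plus one legitimate user who
# mistypes once and then logs in, plus an unrelated page view.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.10", "POST", "/wp-login.php", 200, s) for s in range(1, 7)]
    + [_line("203.0.113.11", "POST", "/wp-login.php", 200, s) for s in range(7, 11)]
    + [_line("198.51.100.7", "GET", "/wp-login.php", 200, 11),
       _line("198.51.100.7", "POST", "/wp-login.php", 200, 12),
       _line("198.51.100.7", "POST", "/wp-login.php", 302, 13),
       _line("203.0.113.12", "GET", "/index.php", 200, 14)]
)

if __name__ == "__main__":
    counts, bad_ips, bad_nets = analyze(SAMPLE_LOG)
    print("failed logins per IP:", dict(counts))
    print("IPs over limit:", sorted(bad_ips))
    print("/24 ranges over limit:", sorted(bad_nets))
```

In the constructed sample, 203.0.113.10 is flagged on its own, 203.0.113.11 stays under the per-IP limit but pushes the 203.0.113.0/24 range over the network limit, and the legitimate user at 198.51.100.7 is left alone. If a caching layer or security plugin changes the status codes WordPress returns, adjust the 200/302 heuristic before relying on it; and blocking a whole /24, as the post describes, can take out unrelated sites that share the range, so keep the network threshold well above the per-IP one.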

Other things you can do to protect your WordPress installation: use an uncommon, hard-to-guess user name; change your password to something that meets the security requirements specified by WordPress (a mix of UPPER and lower case letters, at least one number, and preferably a special character, with a minimum length of 8-10 characters, although the longer the better); ensure that your WordPress installation and all plugins are updated to the newest versions; and consider using security plugins that restrict access to your WordPress Dashboard.

To determine whether or not your WordPress site has been compromised, you can scan your website with an online malware scanner such as http://sitecheck.sucuri.net/scanner, or check Google’s Safe Browsing diagnostic for your domain at http://google.com/safebrowsing/diagnostic?site=example.com, replacing “example.com” with the domain name your WordPress site uses. If you believe that your WordPress site hosted at Scarab Media has been compromised, please contact our Technical Support immediately for assistance.
