WordPress-Powered Websites Under Brute-Force Attack by Botnets
Roshan Ashraf Shaikh / 12 years ago
Hosting companies such as HostGator, and the CDN service CloudFlare, have reported that unknown attackers are behind a highly distributed, global brute-force campaign that uses more than 90,000 IP addresses to try to break into websites running the WordPress content management software by guessing default or commonly used administrative credentials.
One of the hosting companies that issued a warning about the attacks said that the attackers are planning to build botnets using the infected computers, and that these will be stronger and more destructive than the attacks carried out so far.
Matthew Prince, CEO of CloudFlare, said in the company’s blog, “These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”
CloudFlare added that the brute-force botnet forces its way in through the administrative login port of WordPress-powered websites, using usernames such as ‘admin’ and commonly used passwords. The attacks originate from thousands of IP addresses. HostGator has so far found more than 900,000 IP addresses being used in this large-scale brute-force attack.
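Because the guesses are spread across thousands of addresses, each source stays under a typical per-IP lockout limit. The following added example (not from the article or from any vendor named in it) counts login POSTs per time window across all sources. It assumes combined-format access logs and WordPress's standard `/wp-login.php` endpoint; the thresholds and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-format fields needed here: client IP, timestamp, method, path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
)
LOGIN_PATH = "/wp-login.php"  # WordPress's standard login endpoint (assumed target)

def parse_login_posts(lines):
    """Yield (ip, datetime) for every POST to the login endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == LOGIN_PATH:
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def analyze(lines, window_s=300, per_ip_limit=10, min_posts=100, min_ips=50):
    """Return (IPs over the per-IP limit, windows flagged as distributed)."""
    buckets = defaultdict(lambda: defaultdict(int))  # window start -> ip -> count
    for ip, ts in parse_login_posts(lines):
        start = int(ts.timestamp()) // window_s * window_s
        buckets[start][ip] += 1
    noisy_ips, flagged = set(), []
    for start, per_ip in sorted(buckets.items()):
        # Classic per-source check: blind to slow, widely spread guessing.
        noisy_ips.update(ip for ip, n in per_ip.items() if n > per_ip_limit)
        # Aggregate check: many login POSTs from many distinct sources.
        total = sum(per_ip.values())
        if total >= min_posts and len(per_ip) >= min_ips:
            flagged.append((start, total, len(per_ip)))
    return noisy_ips, flagged

def sample_log():
    """Constructed log: 300 bots x 2 attempts each, plus one ordinary visitor."""
    fmt = '{ip} - - [12/Apr/2013:10:0{m}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512'
    lines = [
        fmt.format(ip=f"10.{i // 250}.{i % 250}.7", m=k, s=i % 60,
                   req="POST /wp-login.php", st=200)
        for i in range(300) for k in (1, 3)
    ]
    lines.append(fmt.format(ip="192.0.2.10", m=2, s=5, req="GET /", st=200))
    lines.append(fmt.format(ip="192.0.2.10", m=2, s=9, req="POST /wp-login.php", st=302))
    return lines

if __name__ == "__main__":
    print(analyze(sample_log()))
```

On the constructed log, no single address exceeds the per-IP limit, yet the five-minute window is flagged on its aggregate volume and source count.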
For now, WordPress has issued a series of recommendations on choosing a sufficiently strong password, but companies like HostGator suggest a better way of securing WordPress-powered websites.
In October last year, six of the largest U.S. banks had their web servers compromised when they were attacked by having their sites flooded with above-average web traffic. It was then identified that the botnet ‘itsoknoproblembro’ and ‘Brobot’ had been used.
Source: Ars Technica