Mass Hacker Attack Reportedly Underway Against WP Installs
-
Haven’t been here in a while so I’m not sure if this has been covered, but search didn’t pull up anything.
Multiple news stories on the web about a mass bot-net attack targeting WordPress installations.
Among them:
Most of it appears to reference .org installs, but the Krebs Report dated today specifically includes discussion of .com installs as well:
Matthew Mullenweg, the founding developer of WordPress, suggests site administrators choose a username that is something other than “admin”. In addition, he urged WP.com-hosted blogs to turn on two-factor authentication, and to verify that the site is running the latest version of WordPress. “Do this and you’ll be ahead of 99% of sites out there and probably never have a problem,” Mullenweg wrote.
http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/
-
-
WordPress.COM users see:
security here > http://en.support.wordpress.com/security/
two-factor authentication > http://en.blog.wordpress.com/2013/04/05/two-step-authentication/
-
The botnet has so far not targeted WordPress.com, but their efforts would essentially be futile here as they are only targeting the “admin” username (not the Administrator, but specifically the username “admin”).
If you’re concerned though, it’s a great time to enable two step authentication. :)
-
If you’re concerned though, it’s a great time to enable two step authentication. :)
http://en.support.wordpress.com/security/two-step-authentication/ lol :D
-
-
In addition, he urged WP.com-hosted blogs to turn on two-factor authentication, and to verify that the site is running the latest version of WordPress.
(Emphasis mine.)
WordPress.com is not only running the latest version of WordPress, we’re several updates ahead of the current version available for ORG users. Talk about confusion!
Maybe we need a sticky, since this topic seems to be coming up regularly now?
-
staff-blorbo, I saw them venture out of trying just the admin username. I only noticed a handful of those attempts though.
-
True, it looks like they’ve branched out to a few more common usernames, but it still won’t do them much good here, since we don’t share usernames. ;)
Here’s a good write up on the situation from a fellow WordPress.com Happiness Engineer: http://ryanmarkel.com/2013/04/13/password-attacks-and-good-account-policy/
-
-
-
However staff-blorbo – many many user names here are the same as the blog name – so it would not take much work to change the way the bot works –
-
The attack is specifically on sites with Admin as a username or a few other common ones: because of the way we choose usernames here, the commonplace ones were all gone years ago. Whoever owns Admin.wordpress.com might be in trouble, except that the limited number of log-in attempts allowed at any one time here stops the assault after I think it’s three tries, then they get a time-out.
And then, yes, there’s two step authentication.
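The post above describes the two defensive controls that blunt this kind of attack: a limit on login attempts per source (a few tries, then a time-out) and a way to notice the bursts of POSTs to wp-login.php in the first place. The following is an added example, not code from the thread, WordPress or WordPress.com. It parses constructed Apache-style access log lines, flags any source that reaches a failure threshold inside a sliding window, and replays the same attempts through a simple lockout policy like the one described. The rule that a POST to wp-login.php answered with 200 is a failed attempt (WordPress re-renders the form on failure and redirects on success) is a heuristic assumption, as are the IP addresses, timestamps and thresholds.

```python
"""Detect wp-login.php brute-force bursts in access logs and simulate a lockout policy.

Added example, not code from the thread or from WordPress. The log lines are
constructed; the 'POST /wp-login.php answered with 200 == failed attempt' rule
is a heuristic assumption (failed logins re-render the form, successes 302).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (Apache combined format). 203.0.113.7 hammers the login
# form, 198.51.100.4 browses and logs in once successfully.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Apr/2013:10:00:05 +0000] "GET /2013/04/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Apr/2013:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # ignore query string
        "status": int(m["status"]),
    }


def failed_login_events(log_text):
    """Yield events that look like failed wp-login.php attempts (heuristic: POST + 200)."""
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["method"] == "POST" and ev["path"].endswith("/wp-login.php") and ev["status"] == 200:
            yield ev


def find_bruteforce_sources(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return {ip: time_first_flagged} for sources with >= threshold failures in a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for ev in sorted(failed_login_events(log_text), key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # expire attempts older than the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged[ev["ip"]] = ev["ts"]
    return flagged


class LoginThrottle:
    """Per-source lockout: after max_failures consecutive failures, refuse attempts for `lockout`."""

    def __init__(self, max_failures=3, lockout=timedelta(minutes=15)):
        self.max_failures = max_failures
        self.lockout = lockout
        self.failures = defaultdict(int)
        self.locked_until = {}

    def allowed(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now < until:
            return False                      # still in the time-out
        if until is not None:                 # time-out expired: start counting afresh
            del self.locked_until[ip]
            self.failures[ip] = 0
        return True

    def record_failure(self, ip, now):
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_failures:
            self.locked_until[ip] = now + self.lockout

    def record_success(self, ip):
        self.failures[ip] = 0
        self.locked_until.pop(ip, None)


def replay_against_throttle(log_text, **kwargs):
    """Replay the logged failures through the throttle; return how many the lockout would have refused."""
    throttle = LoginThrottle(**kwargs)
    refused = 0
    for ev in sorted(failed_login_events(log_text), key=lambda e: e["ts"]):
        if not throttle.allowed(ev["ip"], ev["ts"]):
            refused += 1
            continue
        throttle.record_failure(ev["ip"], ev["ts"])
    return refused


if __name__ == "__main__":
    print("flagged sources:", find_bruteforce_sources(SAMPLE_LOG))
    print("attempts refused by lockout:", replay_against_throttle(SAMPLE_LOG))
```

On the constructed log the detector flags 203.0.113.7 at its third failure (10:00:03), and the replay shows the lockout refusing the fourth attempt while the single attempt twenty minutes later is allowed again because the time-out has expired. In practice the same logic is usually applied per username as well as per source address, since a botnet spreads its guesses over many addresses.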
-
-
auxclass, from what I understand of the botnet so far, it would be a rather hefty re-write, but let’s not give them any ideas. :)
timethief, +1 :) Brute force botnet or not, if they don’t have your mobile device in their possession, they aren’t getting past two step authentication.
-
staff-blorbo – probably the biggest thing is that people stay with the default passwords like 1234 or 123456 – things like that – never understood the not change a password if anyone but one person has access to the equipment – oh well – I read they have some spare bunks in Gitmo – be a nice place to send those types to
-
This is public forum and this thread has been indexed by Google so let’s hush-up and not provide any ideas to any low life.