Before It’s News – by Monica Davis
An attack on WordPress is growing in intensity. Analysts say a monster botnet with over 90,000 servers is trying to log onto the system, using massive numbers of usernames and passwords. Security analysts say the attacks have increased in the last few months.
A large distributed brute force attack against WordPress sites is understood to be occurring. A large botnet with more than 90,000 servers is attempting to log in by cycling through different usernames and passwords.
A study of various attack patterns has led to security software firm Sucuri concluding that the number of brute force attacks against WordPress has trebled in recent months and that reports of attacks are accurate.
Network security professionals say there are many ways to keep botnets out of your account, including:
- Avoid Obvious Passwords: A simple check of the security requirements recommended by WordPress will make brute force attacks much more difficult. As Mike Isaac points out in All Things D, “Hackers go after the low-hanging fruit, which is most often found in the novice Web users who don’t take the time to switch from their default login information.” A secure password is a mix of at least eight upper and lowercase letters, numbers and the kinds of ‘special’ characters used to depict curse-words (^%$#@*)!
- Ditch The Admin Username: The attackers are in possession of 90,000 IP addresses from which they are trying to crack the default “admin” accounts on WordPress installations. So if you are still using “admin,” create a new user with admin privileges (you will need to use a different email address than the one attached to the current admin) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. Five minutes, tops.
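Because the login attempts described above are spread across many addresses, each address may fail only a few times, so counting failures per target account is what exposes the pattern. The sketch below is an added example, not code from the article or from WordPress; the log format, the sample events and the thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample events in a hypothetical format:
# "<epoch> <source_ip> <username> <FAIL|OK>" (IPs are documentation ranges)
SAMPLE_LOG = """\
1365800000 198.51.100.7 admin FAIL
1365800004 203.0.113.21 admin FAIL
1365800009 192.0.2.45 admin FAIL
1365800013 198.51.100.88 admin FAIL
1365800020 203.0.113.5 admin FAIL
1365800031 192.0.2.9 editor FAIL
this line is malformed and is skipped
1365800040 192.0.2.9 editor OK
1365800055 203.0.113.77 admin FAIL
"""

def parse_events(text):
    """Yield (timestamp, ip, username, succeeded), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3] in ("FAIL", "OK"):
            yield int(parts[0]), parts[1], parts[2], parts[3] == "OK"

def distributed_bruteforce(events, window=300, min_ips=5):
    """Flag usernames whose failed logins come from >= min_ips distinct
    addresses within `window` seconds. Returns
    {username: (distinct_ips, max_failures_from_one_ip)} for the widest burst."""
    failures = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures[user].append((ts, ip))
    flagged = {}
    for user, hits in failures.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                      # slide the window forward
            per_ip = Counter(ip for _, ip in hits[start:end + 1])
            best = flagged.get(user, (0, 0))
            if len(per_ip) >= min_ips and len(per_ip) > best[0]:
                flagged[user] = (len(per_ip), max(per_ip.values()))
    return flagged

if __name__ == "__main__":
    for user, (ips, worst) in distributed_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"{user}: failures from {ips} addresses, at most {worst} per address")
```

In the sample, “admin” is flagged with six source addresses and only one failure from each, a pattern a per-address lockout alone would not catch.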
Many Internet users still live in the dark ages, a cyber version of leaving doors unlocked and leaving the keys in the car. Like our neighborhoods, the Internet has changed. It has grown exponentially. Yesterday’s mom and pop enterprise has become a global entity, with hordes of expert thieves and cybercriminals looking for vulnerabilities in networks, websites, blogs and computer systems.
We lock our doors, don’t we? If we want to keep thieves out of our homes and businesses, if we want to keep car thieves from driving off with our cars, then why do we allow botnets, hijackers, crackers and hackers free rein over our computer networks?
Hackers and thieves go after low hanging fruit–the easy pickings, people who do not secure their computers and networks. These careless users are test subjects, where computer criminals use their poorly secured computers/networks to launch trial runs of attacks and perfect botnets.
That being said, is the WordPress attack a prelude to something bigger? Is this a test for a global attack? Is the attack on WordPress a trial run for a larger attack, and who’s behind it?
Who’s behind it? Now that CISPA has come up to be attacked again, who do you think? It ain’t us.
This is the second article I’ve seen on this subject, so I thought Henry would be interested, being that he uses WordPress.
I’m surprised it hasn’t affected FTT yet, at least not that I know of.
We received an email from our server saying that they, SiteGround and their team, had thwarted the attack for those they serve.
Good job, SiteGround!
Outstanding, Henry!
Obviously, you made the right choice. 🙂
Yep, good choice Henry 🙂