There is a large brute force attack going on targeting WordPress sites in particular, the attack is aimed to steal passwords from WordPress sites. Attacker is trying to steal “admin” passwords of WP sites by using dictionary words and known passwords. The attack is happening at global level and WordPress instances across hosting providers are targeted.
ClouFlare CEO posted a blog post on the attack, according to the post the attacker is using WP username “admin” and trying thousand of passwords. The attack is using a botnet that consists of atleast 90,000 IP addresses, so it becomes difficult to limit the attack. He thinks that the attack is carried using a weak botnet to gain access to the servers to create a strong botnet for more attacks.
One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.
Several hosting providers also posted about the attack, HostGator advised its users to change the passwords to a more secure ones. It also said that the attack is more distributed with 90,000 IP addresses participating. According to them it started last week and died soon and again started picking up yesterday morning. The symptoms of the attack are slow backend of the site and unable to login.
If you use WordPress as your blog CMS this is the time to change the password to a more secure one, and also you can use plugins to limit login attempts to improve security.
Another important thing to remember is changing the username “admin” to something else. When you install WordPress the default username is “admin”, very few people change that. While you can’t change the username in WordPress admin, you can always create a new user with full admin access and delete the admin user.
Image Credit: ClouFlare