Technology Bites

  • Home
  • Tech
    • Software
    • Browsers
    • Google
    • Internet
    • Windows
  • Mobile
    • Android
    • Apple
    • Windows Phone
  • Products
    • Phones
    • Tablets
  • TIP US
You are here: Home / Tech News / WordPress Sites Under Brute Force Attack to Steal Admin Passwords

WordPress Sites Under Brute Force Attack to Steal Admin Passwords

There is a large brute force attack going on targeting WordPress sites in particular, the attack is aimed to steal passwords from WordPress sites. Attacker is trying to steal “admin” passwords of WP sites by using dictionary words and known passwords. The attack is happening at global level and WordPress instances across hosting providers are targeted.

ClouFlare CEO posted a blog post on the attack, according to the post the attacker is using WP username “admin” and trying thousand of passwords. The attack is using a botnet that consists of atleast 90,000 IP addresses, so it becomes difficult to limit the attack. He thinks that the attack is carried using a weak botnet to gain access to the servers to create a strong botnet for more attacks.

One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.

Several hosting providers also posted about the attack, HostGator advised its users to change the passwords to a more secure ones. It also said that the attack is more distributed with 90,000 IP addresses participating. According to them it started last week and died soon and again started picking up yesterday morning. The symptoms of the attack are slow backend of the site and unable to login.

If you use WordPress as your blog CMS this is the time to change the password to a more secure one, and also you can use plugins to limit login attempts to improve security.

Another important thing to remember is changing the username “admin” to something else. When you install WordPress the default username is “admin”, very few people change that. While you can’t change the username in WordPress admin, you can always create a new user with full admin access and delete the admin user.

Image Credit: ClouFlare

Share this:

Related

  • 30,000 Gmail, Yahoo, AOL and other email accounts hit by phishing attack
  • October 6, 2009
  • In "Tech News"
  • Yahoo Mail resets user passwords after a security breach
  • January 31, 2014
  • In "Tech News"

About Ram

I am a blogger and Technology Enthusiast. I write about software, tech news, gadgets. You can reach me at ram@teknobites.com, follow me on Google+ or on Twitter

« Fotor: Photo Editing app for Windows, Android, iOS and Windows Phone
Run Facebook Home on any Android device with out root »

Top Posts

  • Attach Large Files to Yahoo Mail with Drop.io App
  • Yahoo new home pages and how to get back to the old home page
  • Download 10000 Free Shapes for Photoshop
  • How to Download Google Chrome on Win 2K
  • Latest Sony Xperia Apps for ALL Android Devices
  • UCinema - Stream/Download ALL TV Shows and Movies for Free
  • BugMeNot Firefox Add-On
  • 10 Best free Android apps for learning English
  • Alilg: Simple and Free Online Photo Editor
  • Google Trends RSS Feed

About Us · Archive · Disclaimer & Privacy Policy · TIP US · Copyright © 2021 · Technology Bites

Copyright © 2021 · Teknobites Theme on Genesis Framework · WordPress · Log in