
TekSec

My Scribbles on security and whatever strikes my fancy . . .


WordPress sites under a global attack?

April 14, 2013 By teksquisite

WordPress sites have been under an escalated botnet-based brute force attack since late last week. Brute force attacks are quite common against most popular CMSs, but using the default admin user name with a weak password will get your site hacked. If you continue to use the default admin account combined with a weak password, it is not a matter of if you will get hacked, it is a matter of when.


WordPress blog

Matt Mullenweg recommends:

If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.


Internet security journalist Brian Krebs wrote a highly detailed report of how these brute force attacks are going down, over at KrebsOnSecurity.

Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today (this blog also runs WordPress).

WordPress Ongoing Brute Force Attacks


TechCrunch states that this attack is similar to a 2012 WordPress attack that was scripted to look for outdated versions of TimThumb. I do not see the similarity between TimThumb and the current brute force attack. Perhaps TechCrunch was using a metaphor for the TimThumb attack since it was well organized and well distributed. Or, perhaps they meant that this attack is gearing up for something far more sinister in the near future (injecting back doors).

Main culprits that I have observed at my blogs

184.82.29.169 hostname: 184-82-29-169.superslickydeals.com [letmein; passw0rd; welcome; test; secret; 123123; pass; 123456; qwerty; password; internet; hello; 111111; ninja]

85.102.155.27 hostname: 85.102.155.27.dynamic.ttnet.com.tr [admin; admin123; 12345; 123456; 123456789]

225.25.57.37 hostname: 225.25.57.37.triolan.net [admin; admin123; password; 123456; 12345678]

83.66.234.163 hostname: N/A, Turkey [admin; admin123]

188.143.234.121 hostname: N/A, Russian Federation [ongoing brute force attacks since December 2012 – range = 188.143.234.0 – 188.143.234.255]

At the time of this writing, the motive behind the current attack is purely speculative and unknown. If you run a self-hosted WordPress site, following many of these recommendations will harden your installation against known attacks.

Update: 4/15/2013 – US-CERT jumps on the bandwagon and issues a warning. Better late than never, I guess…


Filed Under: Updates
