WordPress Installs Getting Slammed with Password Guessing, Self-Propagating Botnet

Attackers are slamming WordPress installs with a password guessing, self-propagating botnet. Change the default admin and use strong passwords for protection.

Being one of the most popular CMSs has its benefits … and disadvantages. In this case, you become a big target. In this particular attack the bad guys are attempting brute-force logins on the default admin account using a list of 1,000 common passwords. After successfully gaining access to the WordPress backend, they appear to install a backdoor that incorporates the site into a botnet, which then continues to self-propagate using the same password guessing attack.

As usual, always change the admin username and use strong passwords for your logins (such as those generated by LastPass). Brian Krebs and many of the commenters on his Friday article discuss additional precautions such as implementing some type of two-factor authentication (e.g., from Google Authenticator or Duo Security) and adding plugins that prevent brute-force attacks by automatically locking out attacking IPs (e.g., Better WP Security and Wordfence). And if you are already infected, Brian touches on some steps to help with cleanup.
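To make the lockout idea concrete, here is an added example (not code from this post, from Krebs, or from the plugins named above) that scans constructed Apache-style access-log lines for repeated failed POSTs to WordPress's wp-login.php from one IP and notes whether a later redirect suggests a guess succeeded. The threshold, window, sample addresses and log lines are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache combined-log lines (sample data, not real traffic). A failed
# WordPress login re-renders the form (HTTP 200); a success redirects (302) to
# wp-admin, so a 302 following a run of 200s from one IP is the case to chase.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2013:01:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:01:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:01:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:01:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:01:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:01:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [15/Apr/2013:01:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
198.51.100.2 - - [15/Apr/2013:01:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [15/Apr/2013:01:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def find_bruteforcers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag IPs with >= threshold failed wp-login.php POSTs inside any sliding window.
    Returns {ip: {"failures": n, "succeeded_after": bool}}; succeeded_after marks a
    later 302 from the same IP, i.e. a guess may have worked and the site needs review."""
    fails, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue  # only login form submissions matter; GETs just load the page
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "302":
            successes[m["ip"]].append(ts)
        elif m["status"] == "200":
            fails[m["ip"]].append(ts)
    flagged = {}
    for ip, times in fails.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):  # two-pointer sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"failures": len(times),
                           "succeeded_after": any(s > times[0] for s in successes[ip])}
    return flagged
```

A single user who mistypes once and then logs in (198.51.100.2 above) stays under the threshold, which is the distinction a lockout plugin also has to make.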

via KrebsOnSecurity.com

Security experts are warning that an escalating series of online attacks designed to break into poorly-secured WordPress blogs is fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers.

Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today (this blog also runs WordPress).

According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.

Continued here.

#####

Have any other advice for protecting those WordPress installs? Let us know in the comments below. Today’s post pic is from KrebsOnSecurity.com.
