Massive attack, aimed at creating a botnet of websites using WordPress discovered
The last few days in an intense web Brute Force attacks against password guessing accounts for the site based on the engine of free WordPress. Attack is massive and organized using a large botnet.
Became subject to attack sites are checked under a login entry "admin" through the pages / wp-login.php and / wp-admin with about thousands of the most popular passwords. If the selection of the password was successful in WordPress engine introduced backdoor that connects hacked site of the botnet and retains control even after the password change. Struck by the host begins to participate in Brute Force attack to identify other victims, but also can receive commands and perform other actions that are typical of botnets, such as the commission of DDoS-attacks. The current size of the botnet WordPress servers already estimated at more than 90,000 hosts.
It is noted that a botnet of servers is much more dangerous in terms of committing DDoS-attacks than botnet of custom cars, as server systems have access to wider channels (stomegabitny server port in a major data center is in the order of things) and more painful to lock (one IP can be hundreds of sites). In this case, not even related to DDoS-attack traffic generated in the process of selecting passwords observed a negative impact on the activities of some web hosting companies, as it distorts typical hosting operators focus on the prevalence of outgoing traffic.
However, some experts reject the information about the participation of compromised servers in Brute Force attack, believing that the purpose of hacking is spreading malware to defeat the client systems, by substituting the pages of the affected site code for exploiting vulnerabilities in browsers and popular plugins for them.
All administrators of the blogs on the basis of engine WordPress encouraged to make use of reliable neslovarnogo password for their accounts. In addition to blocking attacks are advised not to use the administrator username admin, protect access to the wp-login.php script through additional Basic-level authentication http-server or allow login only from specific IP. For an even more serious protection, you can use the add-on with the implementation of a two-level authentication with one-time passwords. To Owners of hacked sites recommended to reinstall from scratch WordPress, update secret keys and change all passwords.