Blogging site Wordpress has been attacked by a cybercriminal botnet made up of “tens of thousands” of individual computers since last week say server hosts.
The attack has come a week after Wordpress increased its security settings, adding an optional two-step authentication log-in process to its current system.
Server hosts Cloudflare and Hostgator noticed today that Wordpress had been attacked by a botnet comprised of “tens of thousands” of individual computers, with attacks starting sometime last week.
The cybercriminals are targeting bloggers and website owners utilising the “admin” username, accessing people’s Wordpress accounts by inputting thousands of potential passwords until one of them fits.
“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password,” wrote Wordpress founder Matt Mullenweg on his blog.
“Most other advice isn’t great – supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn’t going to be great (they could try from a different IP [address] a second for 24 hours),” added Mullenweg.
CloudFare CEO Matthew Prince has warned that the aim of the Wordpress attack could be to build a stronger botnet, capable of bypassing increasingly complex security systems.
“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much large botnet of beefy servers in preparation for a future attack,” wrote Matthew Prince, CEO of CloudFare.
“These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”
All Wordpress users are being advised to change their passwords, even if they don’t sport the ‘admin’ username, in case of a wider attack.
“The attack volume in this case has been sufficient to attrack global attention, which is a good thing, but it’s currently thought to be only about three times the usual level,” said Head of Technology at Sophos Paul Ducklin. “In other words, even when ‘normal service’ is resumed, we’ll all still be firmly in the sights of the cybercriminals, so take this as a spur to action.”
Wordpress is currently used to provide somewhere in the region of 64 million websites, read by around 371 million people.
Via: PC Pro