Secure Against Attack on WordPress and other CMS Sites Now!


“At present there is a distributed global ‘botnet’ attack on WordPress and other CMS (content management system) websites at every known website host. Bots attempt to hack the admin accounts and inject malicious scripts to the site code.”*

*Source – ADMAX.tv

As of today these attacks are happening at a global level. WordPress installations across the globe are being targeted. Because the attack on WordPress is highly distributed and most of the IPs used are spoofed, it is very difficult, but not impossible, to block all of the malicious traffic. This is why servers at many hosting providers have gone down in recent days, including big names like GoDaddy and Network Solutions.

If you manage or own a website on a content management system (CMS), you know that invalid login attempts are an everyday occurrence. We see literally thousands of invalid login attempts from dozens of different IP addresses in the course of any given day. This is considered normal. However, hosting providers worldwide are reporting that they are seeing a systematic, well-organized attack. The attacks on content management systems are well above average and oftentimes at catastrophic levels.

HostGator’s analysis found that this attack on WordPress, vBulletin and other CMS sites is well organized. CloudFlare reported that the hackers are using about 100,000 bots. Quoted at TechCrunch, Matthew Prince, CloudFlare’s founder and CEO, says that his company saw attacks on virtually every CMS site on its network.

The websites that have been hacked had the “admin” accounts compromised and malicious scripts were uploaded into the directories.

This attack on WordPress started on or about April 8th, but the hackers became extremely aggressive overnight on April 12th. They have already shut down tens of thousands of servers running WordPress and have also affected the performance of many other servers. The attack started with WordPress installations; according to Sophos EndUser Protection (a major player in the web security industry), Joomla and Drupal websites are now also getting hit.

The attack on WordPress began with a botnet made up of at least 90,000 hacked home-based computers. This is not a “brute force” attack like we see every day. This onslaught is using what is known as a “dictionary” attack, where the hacker uses a list of the most likely usernames and possible passwords and tries those in very quick succession. Even when the attack fails, the load that attacks on multiple websites put on a server can cause it to crash.

The early indications are that hackers are installing malicious scripts in the content management systems that have been compromised. These malicious scripts turn the infected website into an attacker that hacks other websites. This is the reason this attack is going viral. According to Matthew Prince, the chief executive of web hosting company CloudFlare, these hackers are causing much more damage because the infected servers have large network connections and are capable of generating significant amounts of traffic for the attackers.
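The difference between the everyday background of failed logins and the dictionary attack described above shows up in the web server’s access log. The script below is an added example, not part of the original post: it counts failed POSTs to wp-login.php per client and site-wide in a constructed combined-format log (the addresses are documentation ranges), since with a distributed botnet each address may stay under a per-IP threshold while the total rate is far above normal.

```shell
#!/bin/sh
# Added example, not from the original post: count failed POST requests to
# wp-login.php in a combined-format (Apache/nginx) access log, per source
# address and in total. Every log line below is constructed sample data.
set -eu

SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.10 - - [12/Apr/2013:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Apr/2013:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Apr/2013:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Apr/2013:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Apr/2013:03:15:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2870 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Apr/2013:03:15:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Apr/2013:03:15:21 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF

# A POST to wp-login.php answered with 200 means WordPress re-served the login
# form, i.e. the attempt failed; a successful login answers with a 302 redirect.
# Field 1 is the client, field 6 the quoted method, field 7 the path, field 9 the status.
# Print "count ip", busiest first, for clients whose failed POSTs reach the threshold.
flag_login_bursts() {
    awk -v t="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == "200" { n[$1]++ }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' "$1" | sort -rn
}

# Site-wide count of failed login POSTs regardless of source address.
count_failed_logins() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == "200" { c++ } END { print c + 0 }' "$1"
}

echo "per-IP bursts (>= 3 failed POSTs):"
flag_login_bursts "$SAMPLE_LOG" 3
echo "total failed login POSTs: $(count_failed_logins "$SAMPLE_LOG")"
```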

If you have not already done so, we strongly recommend you take the following steps to protect your WordPress installation:

• Make sure your WordPress installation and all of your installed plugins are updated
• Make sure your administrator’s password is secure
• If you have a user account with the username “admin”, create a new administrator account with a different username and remove the old “admin” account
• Install the security plugin WP Better Security

Other ways of securing a WordPress website can be found at WordPress.org.

These additional steps can be taken to further secure WordPress websites:

• Remove README and license files
• Prevent reading of the .htaccess file
• Limit access to wp-admin.php and wp-login.php to your IP address
• Move wp-config.php up one directory and change its permission to 400
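The following script is an added example, not from the original post, that applies four of the steps above (README/license removal, protecting .htaccess, restricting wp-login.php to one address, relocating wp-config.php with mode 400) to a WordPress document root on an Apache 2.2 host. The document-root path and the administrator address are assumptions; try it on a copy of the site first.

```shell
#!/bin/sh
# Added example, not from the original post: apply four of the hardening steps
# above to a WordPress document root on an Apache 2.2 host. The paths and the
# administrator address are assumptions; try it on a copy of the site first.
set -eu

# Deny direct reads of .htaccess and the readme/license files, and restrict the
# login page to one address. On Apache 2.4 the same intent is written with
# "Require all denied" and "Require ip <address>" instead of Order/Deny/Allow.
write_htaccess() {
    cat > "$1/.htaccess" <<EOF
<FilesMatch "^(\.htaccess|readme\.html|readme\.txt|license\.txt)\$">
    Order allow,deny
    Deny from all
</FilesMatch>
<Files "wp-login.php">
    Order deny,allow
    Deny from all
    Allow from $2
</Files>
EOF
}

# The readme and license files reveal the installed WordPress version. Core
# updates put readme.html back, so rerun this after each update.
remove_banner_files() {
    rm -f "$1/readme.html" "$1/readme.txt" "$1/license.txt"
}

# WordPress looks one directory above its root for wp-config.php, so the file
# can leave the web-served tree. Mode 400 only works if the file's owner is the
# account PHP runs as; otherwise the site cannot read its own configuration.
relocate_wp_config() {
    if [ -f "$1/wp-config.php" ]; then
        mv "$1/wp-config.php" "$1/../wp-config.php"
    fi
    chmod 400 "$1/../wp-config.php"
}

harden_wordpress() {
    remove_banner_files "$1"
    relocate_wp_config "$1"
    write_htaccess "$1" "$2"
}

# Usage (placeholder path and address): harden_wordpress /var/www/site/public 203.0.113.5
```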

We will continue to monitor this attack and post updates as more information becomes available.
—————
D. Marcus Keith is a partner in ADMAX, a local and national “Internet Marketing Optimization” agency that has been performing SEO-related services for Cloud9 Real Time since 2009.

AUTHOR

D. Marcus Keith

6 comments
  • Frank Steiner

    It’s more critical than in the past to safeguard WordPress sites, or else there’s the risk that they may even end up being used for criminal activities.

    As WordPress founder Matt states, having a strong password and ensuring that you have the latest version of WordPress is adequate protection. The botnet is basically guessing passwords, so when you have something which is simply not guessable you will be safe.

    There is now a Google Authenticator plugin for WordPress. You can enable (or disable) it per user (admin, editor, etc.). This plugin, as well as a strong password, is the best you can do to secure the back end.

  • Susan Shepard

    Another factor is that with so many web sites running applications, attackers have taken to creating automated tools that can launch well coordinated attacks against a number of vulnerable web sites at once. With this capability, the targets of these malicious hackers are no longer limited to large corporate web sites. Smaller web sites are just as easily caught up in the net cast by these automated attacks.

  • Burt T. Zimmerman

    According to Matthew Prince, the chief executive of web hosting company CloudFlare, these hackers are causing much more damage because the infected servers have large network connections and are capable of generating significant amounts of traffic for the attackers.

  • Dave Silver

    Hackers are installing scripts in the content management systems that have been compromised. These malicious scripts turn the infected website into an attacker to hack other websites. This is the reason this attack is going viral. Strong passwords are a must.
