Many WordPress sites are under attack by a botnet that uses brute-force login attempts to guess their passwords. So far the attacks appear limited to sites that kept the default “admin” username, but analysts and hosting companies fear these attacks are only the beginning: the attackers seem to be trying to build a botnet far more powerful than any seen before.
Currently, more than 90,000 IP addresses are being used to launch these brute-force attacks, trying thousands of passwords against WordPress login pages. For now the botnet consists of compromised home PCs, but if the attackers succeed they could soon turn the far more powerful servers that host these WordPress sites into a much stronger botnet. Matthew Prince, CEO of CloudFlare, wrote,
“These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic.”
Prince points to the “itsoknoproblembro”, or “brobot”, botnet, which launched DDoS attacks against major US banks including Bank of America, U.S. Bank, and Wells Fargo. Ars Technica reports that there is already some evidence a massive botnet is being assembled. ResellerClub, a web host, stated that it is experiencing an “ongoing and highly distributed global attack,” and HostGator is a major target, with its WordPress machines being hit from over 90,000 IP addresses.
So what can you do right now? If your site still uses the default “admin” username, change that account’s password to a strong, unique one immediately; better still, create a new administrator account with a different name and delete the “admin” user, since the attackers are guessing passwords against that one username. You can also sign up for CloudFlare, which is rolling out protection designed to keep your site from becoming a victim of this botnet; CloudFlare will share the data it gathers from these attacks with its partners so they can work on stopping the botnet. And if you plan to run a WordPress site in the future, pick a unique username from the start instead of the default “admin”.
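Site owners who cannot put a service like CloudFlare in front of their site can still spot this kind of attack in their own web server logs. The following is an added example, not code from the original article, from CloudFlare or from WordPress. It assumes Apache "combined" log format and relies on one heuristic (an assumption, not a WordPress guarantee): a failed POST to /wp-login.php is answered with HTTP 200 because the login form is re-rendered, while a successful login redirects with HTTP 302. The sample log lines are constructed. Because the attack described above spreads its guesses across tens of thousands of source addresses, a per-IP threshold alone would miss it, so the script also checks the site-wide failure rate.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format; we only need source IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path").split("?", 1)[0], "status": int(m.group("status"))}


def is_failed_login(ev):
    # Heuristic (assumption): WordPress re-renders the form (200) on a failed
    # wp-login.php POST and redirects (302) to wp-admin on success.
    return ev["method"] == "POST" and ev["path"] == "/wp-login.php" and ev["status"] == 200


def _exceeds(times, threshold, window):
    """Sliding window over sorted timestamps: True if `threshold` events fall inside `window`."""
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def analyze(log_text, per_ip_threshold=5, site_threshold=20, window=timedelta(minutes=5)):
    """Flag single noisy sources and, separately, a distributed low-and-slow attack."""
    events = [ev for ev in (parse_line(l) for l in log_text.splitlines() if l.strip()) if ev]
    failed = sorted((ev for ev in events if is_failed_login(ev)), key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for ev in failed:
        by_ip[ev["ip"]].append(ev["ts"])
    noisy_ips = sorted(ip for ip, ts in by_ip.items() if _exceeds(ts, per_ip_threshold, window))
    # Site-wide check: many IPs each trying once still add up to a burst of failures.
    distributed = _exceeds([ev["ts"] for ev in failed], site_threshold, window)
    return {"failed_logins": len(failed), "distinct_ips": len(by_ip),
            "noisy_ips": noisy_ips, "distributed_attack": distributed}


def make_line(ip, second, method="POST", path="/wp-login.php", status=200):
    """Build a constructed combined-format log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Apr/2013:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3512 "-" "Mozilla/5.0"')


# Constructed sample traffic: one host hammering wp-login.php, 24 hosts each trying
# a single password (distributed, low-and-slow), one real login, one page view.
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.10", s) for s in range(0, 8)]
    + [make_line(f"198.51.100.{i}", i) for i in range(1, 25)]
    + [make_line("192.0.2.7", 30, status=302)]
    + [make_line("192.0.2.8", 31, method="GET", path="/", status=200)]
)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample data the single noisy host is caught by the per-IP rule, while the 24 one-shot sources trip only the site-wide rule; in production the two thresholds and the window should be tuned to the site's normal login volume, and blocking decisions based on the per-IP list should be fed to the firewall or to a rate-limiting front end rather than left in a script.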