WordPress Attack: What You Need to Know

By on April 11, 2013

In one of the largest WordPress attacks in history, backed by over 90,000 servers, no host or WordPress site was safe. The botnet targeted the default username “admin” and tried thousands of passwords against it.

The use of tens of thousands of unique IPs, mostly home PCs, is raising concerns among administrators that something bigger could be on the way. The strategy appears to be to use the weaker home PCs to gain control over web servers, which could then power an even stronger attack.

Securing WordPress and Other CMS

WordPress, Joomla and other CMS webmasters are highly encouraged to take the necessary precautions to secure themselves as well as possible against such attacks. Changing the administrator name from “admin” to something else is just the first step.

It’s recommended that your password be AT LEAST 12 characters long and include uppercase letters, lowercase letters, numbers and symbols such as ($%&^*@!), making brute-force attempts extremely difficult.
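Because this attack spread its guesses across tens of thousands of source addresses, a per-IP lockout or rate limit sees only one or two attempts from each bot and never fires. The following added example (not from the original post or any vendor mentioned in it) sketches a detector that instead watches the aggregate rate of POSTs to wp-login.php and the number of distinct IPs behind them; the log lines and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample Apache combined-format log lines; not real traffic.
# Five different addresses each post once to wp-login.php within a few seconds.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.11 - - [11/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.12 - - [11/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Apr/2013:10:00:03 +0000] "GET /2013/04/post/ HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
203.0.113.13 - - [11/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.14 - - [11/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Apr/2013:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

def parse_login_posts(log_text):
    """Yield (timestamp, ip) for every POST to /wp-login.php (query string ignored)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m['method'] != 'POST' or m['path'].split('?')[0] != '/wp-login.php':
            continue
        yield datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z'), m['ip']

def per_ip_counts(log_text):
    """Login POSTs per source IP: the view a per-IP lockout rule gets."""
    return Counter(ip for _, ip in parse_login_posts(log_text))

def detect_distributed_bruteforce(log_text, window=timedelta(seconds=60),
                                  min_attempts=5, min_ips=4):
    """Slide a time window over login POSTs and flag windows where both the
    total attempt count and the number of distinct source IPs cross thresholds.
    Returns a list of (window_start, window_end, attempts, distinct_ips)."""
    events = sorted(parse_login_posts(log_text))
    alerts, start = [], 0
    for end, (ts, _) in enumerate(events):
        while events[start][0] < ts - window:   # drop events older than the window
            start += 1
        span = events[start:end + 1]
        ips = {ip for _, ip in span}
        if len(span) >= min_attempts and len(ips) >= min_ips:
            alerts.append((span[0][0], ts, len(span), len(ips)))
    return alerts

if __name__ == '__main__':
    print('max attempts from any single IP:', max(per_ip_counts(SAMPLE_LOG).values()))
    for first, last, n, k in detect_distributed_bruteforce(SAMPLE_LOG):
        print(f'{first:%H:%M:%S}-{last:%H:%M:%S}: {n} login POSTs from {k} distinct IPs')
```

On the sample, no single address exceeds two attempts, yet the window detector flags five login POSTs from five addresses inside four seconds; in production the thresholds would be tuned to the site's normal login volume.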

Cloudflare released the following statement to its users earlier today:

We just pushed a rule out through CloudFlare’s WAF that detects the signature of the attack and stops it. Rather than limiting this to only paying customers, CloudFlare is rolling the fix out to all our customers automatically, including customers on our free plan. If you are a WordPress user and you are using CloudFlare, you are now protected from this latest brute force attack.

This was followed by HostGator’s Sean Valant stating:

“This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack. We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done.

The servers most likely to experience service interruptions will be VPS and Dedicated servers hosting high numbers of WordPress installations, due to the incredibly high load this attack has been seen to cause.”

HostGator followed up with a post listing additional actions that its users running WordPress could take against this attack:

http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack

Marc Gaffan, co-founder of Incapsula, told Krebs on Security:

“We think they’re building an army of zombies, big servers to bombard other targets for a bigger cause down the road. But as soon as those servers get hacked, they are now bombarding other servers with attack traffic. We’re talking about Web servers, not home PCs. PCs may be connected to the Internet with a 10 megabit or 20 megabit line, but the best hosting providers have essentially unlimited Internet bandwidth.”

WordPress founding developer Matthew Mullenweg is suggesting that webmasters using WordPress.com accounts turn on two-factor authentication and verify that their site is running the latest version of WordPress. This will help protect against the WordPress attack.
