Beware Of New WordPress Brute-Force Attacks. Protect your sites!!!

Discussion in 'Black Hat SEO' started by scorpion king, Apr 12, 2013.

  1. scorpion king

    scorpion king Senior Member

    Hackers are targeting WordPress sites now. They are attempting to log in to WP sites using the brute force method. I am not a WordPress expert
    to give proper guidance on how to protect your sites. I just want to make you aware of this. You can see more information here.

    http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/
    http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br
    http://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html
    Looking for expert's suggestions.
     
  2. Gogol

    Gogol Elite Member

  3. bertbaby

    bertbaby Elite Member

  4. warner410

    warner410 Regular Member

    What if the wp-login file is renamed?

    Will that help?
     
  5. nicofan

    nicofan Junior Member

    http://howsecureismypassword.net/
    This site says it takes 846 billion years to crack my password.

    If I understand this correctly, Brute force is the same as trying out random passwords. So the most important thing you need to have is a relatively complex password.
     
  6. Gogol

    Gogol Elite Member

    Did you reveal your password in that site? Change it now, coz they all have a shared database ;-)
     
  7. nicofan

    nicofan Junior Member

    Yes! They also asked me for my username and my website. I gave them all the information because I trust them.

    I'm waiting for them to come... ;-)
     
  8. garrido

    garrido Supreme Member

    Use incapsula dot com to protect your site.

     
    Last edited by a moderator: May 18, 2016
  9. Gogol

    Gogol Elite Member

    What the heck is that? I gotta check!
    EDIT: OK, it seems to be like Cloudflare, is it? Let me have a go at it. Thanks for the input (I am out of thanks, so can't thank your post).

     
    Last edited by a moderator: May 18, 2016
  10. Zapdos

    Zapdos Power Member

    Brute force is trying many passwords or random passwords. With a good dictionary and good ruleset you can get most people's passwords in under a day. The people that wouldn't be found are those using a non-standard and complex password. If you use words, names of movies/characters/shows then you're immediately insecure.

    846 billion is the time it would take to test all combinations possible. They could get it on the first try, however unlikely it is. Also, the security features come into play. If they limit your password to between 4 and 8 characters with no special characters then it's much easier to find than one that imposes a requirement of 4 characters and any character.
     
  11. bertbaby

    bertbaby Elite Member

    You know you just got to love it that so many idiots leave their computers unprotected and are actually contributing their machines to this botnet. It's probably the same one doing the DNS on the bitcoin exchanges.
     
  12. Raffy

    Raffy Regular Member

    Does this mean it's no longer safe to use "password" as the password on all my sites?
     
  13. Gogol

    Gogol Elite Member

    Trolling? On a serious note, you need an alpha-numeric sentence instead of a word now-a-days.