
Hackers Attack At WordPress

Discussion in 'Black Hat SEO' started by kamil1308, Apr 13, 2013.

  1. kamil1308

    Hackers pose troubles everywhere, and their recent victim was one of the largest blogging platforms in the world, which is undoubtedly WordPress. Hackers have made smart use of a botnet virus, and with this technology it aims at capturing and retrieving the login credentials for accounts that work at administrator level.

    The owners who are most susceptible to the attack include all those who have kept their username as admin. The main strategy used by hackers is to enter "admin" as the username. They then make smart use of a tool that works on a brute force algorithm to cleverly guess the password, which will help them in hacking the account and gaining unauthorized access.

    Matt Mullenweg, who is the founder of WordPress, has commented that all those who use "admin" as their username should try to change it. Further, he requested users to pick a strong password that cannot be easily guessed. At the same time, the two-factor authentication feature that is provided at WordPress should be turned on too for the sake of larger security.

    CloudFlare, which is the company that works to check that the sites are loaded speedily, has commented that the attack was made with the prime motive of using the servers. The hackers did not want to make use of the site or mess with it, as their main aim was to extract undue advantage of the servers.

    The botnets are not as strong as the servers because they were made of home PCs; however, once this attack gained speed and momentum, its efficiency could increase manifold. It could even force attacks as strong as a denial of service attack for some major websites as well.

    The attack looks to be massive, as a lot of different IPs have already been targeted. WordPress authorities are working hard to protect its users.


    Sorry if I have put it in the wrong section, I thought everyone with WordPress on this forum should read it.
     
  2. the_demon

    lol, this is why you use plugins like login lockdown and bullet proof security. It still amazes me that WordPress does not come stock with these plugins.
     
  3. LakeForest

    And move your admin folder as well as re-checking permissions.
    And turn off anonymous FTP.
    And always remove passwords from plain text (who thought plain text passwords would ever be a good idea, especially to keep for this long in computing? So much about how the internet and wireless devices work is ridiculous, stupid, and dangerous. It doesn't matter if you secure your own stuff if somewhere downstream, some piece of shit device with a log-in (that no one might even be aware exists) is set at u:admin p:admin/password (how did laziness become standardized?), then from there they get root and... it's just so stupid. Sorry).

    And, there's just too much to do. Just setting up, maintaining, and updating secure servers can be exhausting.
     
  4. bertbaby

    Agreed, still there are enough plugins out there to protect end users. I guess hackers are finding Windows a little tougher to crack nowadays so they go after the next little old lady on the block.
     
  5. Ste Fishkin

    I've always whitelisted my own IP only for the wp-admin directory.

    They have a job doing anything then.
     
  6. sn0rt

    Hmm.. I wonder if they were trying to use the servers for mining bitcoins?

    Anyway, we have our very own hacker who happens to be quite legendary. You can check out his thread [HERE]
     
  7. turbohacker

    Nothing new there? Brute forcing has been around for years? People have been trying to brute force my WordPress blog for years too. I use reCaptcha and a limit login attempts plugin on my login area, 3 failed attempts = Ban!
     
  8. propertyse

    What better than making a Russian blog network bigger?
     
  9. TITAN

    Having too many unnecessary plugins from unknown authors can also pose a risk, and I also get my WP blogs blocked after 2 attempts anyways :)
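
Added example, not part of any post in this thread: a sketch of the per-IP lockout rule mentioned in the replies (3 failed attempts = ban), extended to also flag a username that fails from many different IPs, which a botnet can cause without any single bot reaching the per-IP limit. The four-field log format, the thresholds and the function names are assumptions constructed for illustration, and events are assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of login events: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2013-04-13T10:00:01 203.0.113.5 admin FAIL
2013-04-13T10:00:03 203.0.113.5 admin FAIL
2013-04-13T10:00:05 203.0.113.5 admin FAIL
2013-04-13T10:00:07 203.0.113.5 admin FAIL
2013-04-13T10:01:00 198.51.100.1 admin FAIL
2013-04-13T10:01:10 198.51.100.2 admin FAIL
2013-04-13T10:01:20 198.51.100.3 admin FAIL
2013-04-13T10:01:30 198.51.100.4 admin FAIL
2013-04-13T10:02:00 192.0.2.10 editor FAIL
2013-04-13T10:02:30 192.0.2.10 editor OK
"""

def parse(log):
    """Yield (time, ip, user, result) from the assumed four-field format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def analyze(log, max_fails=3, window=timedelta(minutes=10), spread=4):
    """Return (banned_ips, sprayed_users).

    banned_ips: IPs with max_fails failures inside the window.
    sprayed_users: usernames failing from >= spread distinct IPs inside the
    window, which a botnet can cause while each bot stays under max_fails.
    """
    by_ip = defaultdict(deque)    # ip -> times of recent failures
    by_user = defaultdict(deque)  # user -> (time, ip) of recent failures
    banned, sprayed = set(), set()
    for ts, ip, user, result in parse(log):
        if result != "FAIL" or ip in banned:
            continue  # successes are ignored; banned IPs are already blocked
        fails, hits = by_ip[ip], by_user[user]
        fails.append(ts)
        hits.append((ts, ip))
        while fails[0] < ts - window:   # drop failures older than the window
            fails.popleft()
        while hits[0][0] < ts - window:
            hits.popleft()
        if len(fails) >= max_fails:
            banned.add(ip)
        if len({src for _, src in hits}) >= spread:
            sprayed.add(user)
    return banned, sprayed
```

On the constructed sample, only one address trips the per-IP ban, while the four single-attempt addresses show up only through the per-username count.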