
[NEWS] Wordpress blogs under attack - Beware!

Discussion in 'Blogging' started by Gogol, Apr 12, 2013.

  1. Gogol

    Gogol Elite Member

    I received a warning from my hosting provider 15 minutes ago. WordPress blogs are under a global brute-forcing attack. You are advised to change your passwords to something really strong. Install some security plugins too if possible (I opened a thread on WordPress security some days ago; search for it).

    More resources :
    http://www.hostdime.com/blog/2013/04/brute-force-attack-affecting-global-wordpress-installations/
    http://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html
     
    • Thanks x 3
  2. innozemec

    innozemec Jr. VIP

  3. kappa84

    kappa84 Power Member

    Got the same email. When I think of doing changes on around 100 WP blogs I get a big headache!
     
    • Thanks x 1
  4. ezines

    ezines Power Member

    I've got mine hacked already, and my host restored it. Fortunately, the hacked websites are not the primary money-generating sites. Even my cPanel password got changed; I was not able to access it. Now everything is back to normal.
     
    • Thanks x 1
  5. Paranoid Android

    Paranoid Android Jr. VIP Premium Member

    WP is always under attack and the stupid plugins never do much to protect you.

    Is there a brute-force plugin for WordPress? Logins blocked for 20 minutes if the 3rd or 5th attempt is wrong?
     
    • Thanks x 1
  6. Gogol

    Gogol Elite Member

    This one seems to be a combined one. I am already safe though ;-)
    The best way is to set it up right the first time. Your time would have been saved now ;)
    Sad to hear that. I hope everything is secure now :)
    Yes there is! Try "Limit Login Attempts" / "Login LockDown".
     
    • Thanks x 2
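The lockout policy asked about above and answered with the two plugin names (refuse logins from an IP for a while after a run of failed attempts) works roughly like the following. This is an added example written for this thread, not code from either plugin or from any poster. The thresholds (5 failures, a 20-minute lockout, failures forgotten after 20 minutes), the in-memory store and the `check_password` callback are assumptions made for illustration; a real WordPress plugin keeps this state in the database so it survives between requests.

```python
"""Per-IP failed-login lockout, the policy behind 'limit login attempts'
style plugins.  Added example for this thread, not code from any plugin.
Assumptions (not from the thread): 5 failures lock an IP for 20 minutes,
failures older than the window are forgotten, and state lives in memory."""
import time


class LoginLockout:
    def __init__(self, max_attempts=5, lockout_seconds=20 * 60,
                 window_seconds=20 * 60, clock=time.time):
        self.max_attempts = max_attempts        # failures allowed before lockout
        self.lockout_seconds = lockout_seconds  # how long a locked IP is refused
        self.window_seconds = window_seconds    # failures older than this are forgotten
        self.clock = clock                      # injectable so tests can move time
        self._failures = {}      # ip -> (count, time of first failure in window)
        self._locked_until = {}  # ip -> unix time when the lockout expires

    def is_locked(self, ip):
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            # lockout expired: forget it, together with the failures that caused it
            del self._locked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def seconds_remaining(self, ip):
        if not self.is_locked(ip):
            return 0.0
        return self._locked_until[ip] - self.clock()

    def record_failure(self, ip):
        """Count one failed attempt; return True if it triggered a lockout."""
        now = self.clock()
        count, first = self._failures.get(ip, (0, now))
        if count and now - first > self.window_seconds:
            count, first = 0, now           # stale window: start counting again
        count += 1
        self._failures[ip] = (count, first)
        if count >= self.max_attempts:
            self._locked_until[ip] = now + self.lockout_seconds
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)

    def attempt(self, ip, username, password, check_password):
        """Gate one login attempt.  Returns (accepted, reason).

        The lockout is checked *before* the password: a locked IP is refused
        even when it finally sends the right password, otherwise the lockout
        would not stop the guessing it exists to stop."""
        if self.is_locked(ip):
            return False, "locked"
        if check_password(username, password):
            self.record_success(ip)
            return True, "ok"
        return False, ("locked" if self.record_failure(ip) else "bad_password")


if __name__ == "__main__":
    # Constructed demo: the only valid credential is admin / correct-horse.
    def valid(user, pw):
        return (user, pw) == ("admin", "correct-horse")

    lockout = LoginLockout()
    for guess in ["123456", "password", "admin", "qwerty", "letmein"]:
        print(guess, lockout.attempt("203.0.113.7", "admin", guess, valid))
    print("right password while locked:",
          lockout.attempt("203.0.113.7", "admin", "correct-horse", valid))
```

The two design points worth copying from any plugin you pick are visible here: the lock is keyed on the client IP and checked before the password is verified, and the lock expires on its own so a typo-prone owner is not locked out forever.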
  7. WebmasterDeluxe

    WebmasterDeluxe Regular Member

  8. Gogol

    Gogol Elite Member

  9. ID Internet Marketer

    ID Internet Marketer Senior Member

    Try the Limit Login Attempts plugin.
     
  10. crazyb

    crazyb Junior Member

    Like there weren't attacks before. If this is something to force you to protect your site, what were you doing until now? You just need the Limit Login Attempts plugin installed and configured to be safe from brute force.
     
  11. mazgalici

    mazgalici Supreme Member

    I don't know why wordpress doesn't have those plugins enabled by default...
     
    • Thanks x 1
  12. Gogol

    Gogol Elite Member

    Well, maybe we can request those features to be included in the upcoming versions. I think we are soon going to see a login captcha by default. Wait for that ;)
     
  13. viralking

    viralking Power Member

    Yeah, this started yesterday morning.
     
    • Thanks x 1
  14. alaltaierii

    alaltaierii Supreme Member

    The plugin was last updated on 2012-06-01. Do you know a similar plugin that is up to date?
     
  15. stayliquid

    stayliquid Registered Member

    I use Limit Login Attempts.

     
  16. Gogol

    Gogol Elite Member

    Should not matter. Login LockDown is even older (I'm talking about the last modified date), but works well too.
     
    Last edited: Apr 12, 2013
  17. seochargers

    seochargers Registered Member

    Mine looks safe. :)
     
    • Thanks x 1
  18. kvmcable

    kvmcable Supreme Member

    Anyone that has a plugin that blocks an IP for so many minutes after x number of failed logins should be fine.

    This is news because many hosts don't have flood protection or connection tracking in place. This recent wave is taking down servers because of high server loads, especially on shared network hosts.

    I didn't have one of my servers set up with connection tracking, and sure enough a couple of days ago I started receiving emails showing high server loads. I looked at the Apache log and saw IPs hitting WP sites with 100 login attempts in less than a minute.

    These hackers are a little smarter (or dumber, depending on your viewpoint) and are not using a block of IPs on one site, which would trigger most flood protection mechanisms on servers these days. They're hitting a WP site with just a single IP hammering the login page, so connection tracking that monitors each IP that visits the server needs to be enabled on the server.

    Once you enable connection tracking these attacks are dead in the water. I have mine set to 8 hits a second before they're blocked and that put an end to them. They are now banned before they get started and the server suffers almost no load from these attacks.

    I know most of this is nonsense to those running WP on shared hosts, but I typed it for those running dedis so they know what is going on and how to stop the high server load attacks (well, at least one way).

    The hosts are mostly sending the notices to let customers know why their sites are going offline or running very slowly. The hosts should be blocking these brute force attacks by banning IPs that are abusing the server.
     
    • Thanks x 3
    Last edited: Apr 12, 2013
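The check kvmcable describes doing by hand (reading the Apache log and spotting a single IP firing 100 login attempts in under a minute) can be scripted, which is also what per-IP connection tracking does for you in real time. The following is an added example for this thread, not code from the post or from any firewall product: it parses Apache combined-format log lines, counts POSTs to wp-login.php per client IP in a sliding window, and flags IPs that reach the 8-hits-per-second setting the post quotes. The log lines are constructed for the example, and the iptables command is one way to express the resulting ban, not something the post specifies.

```python
"""Spot the per-IP login flood kvmcable describes by reading Apache access
log lines and counting POSTs to wp-login.php from each client IP inside a
sliding time window.  Added example for this thread, not code from the post
or from any firewall product.  The log lines are constructed, and the
threshold (8 hits in one second) is the setting the post quotes."""
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format:  ip - - [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """One access-log line -> dict, or None when the line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts.timestamp(),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop the query string
        "status": int(m.group("status")),
    }


def login_attempts(lines):
    """Timestamps of POSTs to any .../wp-login.php, grouped by client IP.
    GETs of the login page are ignored: only a POST is a password guess."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith("/wp-login.php"):
            per_ip[rec["ip"]].append(rec["ts"])
    return per_ip


def peak_rate(timestamps, window):
    """Largest number of events inside any half-open window [t, t + window)."""
    ts = sorted(timestamps)
    best = left = 0
    for right, t in enumerate(ts):
        while t - ts[left] >= window:
            left += 1
        best = max(best, right - left + 1)
    return best


def offenders(lines, max_per_window=8, window=1.0):
    """IPs whose peak login-POST rate reaches the threshold, mapped to that peak."""
    found = {}
    for ip, stamps in login_attempts(lines).items():
        peak = peak_rate(stamps, window)
        if peak >= max_per_window:
            found[ip] = peak
    return found


def block_rules(found):
    """The ban a connection-tracking firewall would apply, as iptables commands."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(found)]


# Constructed sample log: one real visitor, one single-IP brute forcer.
SAMPLE_LOG = [
    '198.51.100.4 - - [12/Apr/2013:10:14:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Apr/2013:10:14:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'garbage line that is not in combined format',
] + [
    '203.0.113.7 - - [12/Apr/2013:10:15:32 +0000] "POST /wp-login.php HTTP/1.1" 200 3900 "-" "Mozilla/5.0"'
    for _ in range(10)
] + [
    '203.0.113.7 - - [12/Apr/2013:10:15:33 +0000] "POST /blog/wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3900 "-" "Mozilla/5.0"'
    for _ in range(2)
]

if __name__ == "__main__":
    hits = offenders(SAMPLE_LOG)
    print("offenders:", hits)
    for rule in block_rules(hits):
        print(rule)
```

On the sample log only 203.0.113.7 is reported (10 POSTs inside one second); the ordinary visitor's single POST never comes close. The window and threshold are parameters, so the same function expresses the post's other observation, 100 attempts in under a minute, as `offenders(lines, max_per_window=100, window=60.0)`. A login page that is only ever fetched with GET is not counted, which keeps bots that merely crawl the page out of the ban list.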
  19. Gogol

    Gogol Elite Member

    Awesome reply, I must say. I do have a lot of WP sites on shared hosting, but GoDaddy is hosting all of them, so I feel they will do something about the flood for sure.

    Do you suggest using Cloudflare by the way?
     
  20. kvmcable

    kvmcable Supreme Member

    It depends on your business plan. Mine involves a lot of websites and a small hosting company for local clients. So for me it was better to learn server management and maintenance. Some people wouldn't have the same requirement so the learning curve might not be a wise investment. For them good managed hosting (very few offer this BTW) is more practical.
     
    • Thanks x 1