
REPORT: Widespread Wordpress Brute Hack Attack Suspected

Discussion in 'Blogging' started by WebmasterDeluxe, Apr 12, 2013.

  1. WebmasterDeluxe

  2. tnhomestead

    I haven't heard of this, and can't find any references to it online. That said, there have been a lot of brute force attacks going on as usual. Wondering if it might be an attack just on your hosting company. I do get brute force attacks daily on our servers, but it seems most of them just try admin for the admin login name. I always tell clients to never use that!

    They are using bots with a list of passwords to try, such as p@$$word etc. that are commonly used. I use a generator for passwords and suggest if not and you want security try this. They will try @ for a, $ for s etc. -- all the standard tricks.

    Pick 1 or 2 symbols, I will use %.
    Pick at least a 4-digit number; don't use 1111, but for this I will use it.
    Pick a name; in this case I will use blackhat.
    Now combine == %blackhat1111% Makes for an easy to remember but very secure password. Of course you can combine in a different way such as %1111blackhat% or any way you can remember easily.
     
  3. spmcnerd

    The other day in my bat cave... Had a mod-security blocking me (rude error message). Found out my VPN is/was the problem.

    Response -> The mod_security rule blocking access has been modified to prevent this block. The rule's intended purpose was to deal with Joomla and WordPress brute force attempts we have seen recently from a large number of IPs with certain identifiable characteristics.
     
  4. crazyflx

    I was almost ready to immediately dismiss this post at that "press release" as BS due to the OP's selection of such a "low reputation" site to link to. However, it is legitimate. Here is a more trustworthy source to read about it from:

    http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/

    OP, while I appreciate you bringing this to the forum's attention, next time you might want to select a better site to link to. That site you chose has zero PR and an Alexa over 1,000,000... makes it look like a load of BS or that you have some kind of motivation for posting it.

    Again, not saying you did anything wrong, I actually had no idea about this tidbit of news and I run a very large number of WP blogs and appreciate the information. I'm just saying that for future reference so that others will take your post more seriously.
     
  5. Glassy

    It's been happening to me today and I am locked out of a whole heap of my WP sites that have 4 different hosts. 3 of my sites got hacked last week so I installed WP Better Security on all of my WP blogs but I think it's this plugin that has been locking down my sites.
     
  6. Markthedude

    This explains the reason I panicked this morning after waking up and failing to be able to get into my admin area without being kicked out each time I click anything once I have access.

    It seems a password change is highly recommended from that Hostgator link. I also recommend that you install the "BBQ" plugin. You will see the full name "BBQ: Block Bad Queries" when you do the search. This plugin locks down your login access specific to the IP that's trying to log in after X amount of failed attempts for X amount of minutes. You specify the X time frames for both options.

    I have mine set to lock down access after 3 failed attempts for 15 minutes.

    Thanks for posting this thread too, I seriously had no idea what was going on since I did finally have uninterrupted access after messing around for about 5 minutes. I can sleep well tonight knowing that my site isn't having "issues" and that I simply need to ride this out since I do secure my sites.
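
The per-IP lockout policy quoted in the post above (3 failed attempts, 15 minutes), as an added Python example that is not part of the original thread and not any plugin's code. The class and function names, the failure window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3            # from the post: lock after 3 failed attempts
LOCKOUT_SECONDS = 15 * 60   # from the post: lock for 15 minutes
WINDOW_SECONDS = 15 * 60    # assumption: failures older than this stop counting


class IpLockout:
    """Per-IP failed-login lockout (hypothetical class, not a plugin's code)."""

    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> time at which the lock expires

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        if self.is_locked(ip, now):
            return "locked"                  # the password is not even checked
        if password_ok:
            self.failures.pop(ip, None)      # success clears the failure history
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                 # drop failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


def guesses_checked(events):
    """Replay (time, ip, password_ok) events; count guesses that reached the password check."""
    gate = IpLockout()
    return sum(gate.attempt(ip, t, ok) != "locked" for t, ip, ok in events)


# Constructed samples: 20 wrong passwords from one address, one per second,
# and the same 20 wrong passwords spread over 10 addresses (2 each).
SINGLE_IP = [(t, "203.0.113.5", False) for t in range(20)]
MANY_IPS = [(t, f"198.51.100.{t % 10}", False) for t in range(20)]
```

On these samples the single address is cut off after 3 checked guesses, while all 20 of the spread-out guesses are checked, so a per-IP counter is best paired with a server-wide view of login failures. A locked address is refused even with the correct password until the 15 minutes pass, which is what an owner sharing that address sees as being locked out.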
     
  7. Glassy

    And yes, make those passwords very hard and don't use the same passwords for each site. As mentioned before, use things like !#$^%&*( and make them as long as possible.

    Old plugins that haven't been used in a long time can also be a security threat and some hackers can get in this way too.

    Hackers can also get into cPanel, and a good host will have security measures in place to prevent this from happening.
     
  8. Glassy

    Oh, and back up your site each time you make a change to it and save it somewhere on your computer, because once your site is hacked, it can be very hard to find all of the infected files as they sometimes hide or mimic other files.
     
  9. formosa

    From my host when I try to log in

     
  10. ID Internet Marketer

    You need to install Limit Login Attempts. It's the best to prevent hacking using brute force.
     
  11. zerofoxtrot

    My new WordPress website is still fine here... :)
    Just install some security plugins, might not be 100% safe, but it's something.
     
  12. viralking

    Guys, this started yesterday morning.
     
  13. michael8t6

    If the hacker knows what they're doing then they can always access the user and pass through SQL injection; the password may come out in MD5 format though. This is relatively easy to crack though using an MD5 reverser!

    I'd prob suggest the same as others: try not to use a plugin that's not been updated recently, strong passwords and don't use the default username "admin" for the pass. Use a mixture of uppercase, lowercase, numbers and symbols! If you think the pass isn't strong enough then test it here: http://howsecureismypassword.net/ that gives you a rough idea of how long it would take a basic desktop to brute-force your pass. No idea if it's actually accurate, but I used it when creating my passwords and so far no successful brute forces ;)

    Also do the norm of backing up your DB once a month by default and after every major change to the site. There's a plugin called updraftplus, http://wordpress.org/extend/plugins/updraftplus/

    It links to Dropbox or can send emails, but it makes a weekly or monthly backup and does all the work for you so you can sit back and concentrate on the finer things like making coffee :)
     
  14. buddieluv

    Unfortunately I'm one of those that's been receiving brute force attempts on my WordPress blogs, all 100 of them!
    I had installed the requisite security but hadn't updated any of them in a while... so you can imagine the scrambling as these messages started flying in... almost on a minute by minute basis.


    There is a widespread attack on WordPress installs right now, and the best plugin I've found for this is wp-lockup, which redirects the /wp-login.php or /wp-admin URLs to the root domain by adding random characters to the end of your domain extension.

    Thankfully, none of my blogs were hacked, but still... ;(
     
  15. kvmcable

    I posted on the other thread about this but really the hosting companies should be blocking this behavior. I picked this up on one of my dedis (I run a lot of them) 2 days ago and actively watched what was going on. I set up LFD with connection tracking and put the setting at 8 connections a second per IP. That stopped the attacks immediately on that server. We still see them visiting but by the time they put any load on Apache they're banned from the server.

    I set this up two days ago on all our dedis and with more than 1000 WP sites we haven't had any high loads and not a single site hacked.
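
A log-side check for the pattern described in the post above, as an added Python example that is not part of the original thread and is not LFD itself. It approximates the per-IP rate from Apache access-log requests rather than tracked connections, treats "more than 8 in one second" as the trip point (an assumption), and runs on constructed sample lines.

```python
import re
from collections import Counter
from datetime import datetime

LIMIT_PER_SECOND = 8  # threshold quoted in the post

# Apache common/combined log prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse(line):
    """Return (ip, time, method, path without query string, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def over_limit(lines, limit=LIMIT_PER_SECOND):
    """Return {ip: peak requests in any one second} for IPs that exceed `limit`."""
    per_second = Counter()
    for rec in filter(None, map(parse, lines)):
        per_second[(rec[0], rec[1])] += 1        # log timestamps have 1 s resolution
    peaks = {}
    for (ip, _), count in per_second.items():
        if count > limit:
            peaks[ip] = max(count, peaks.get(ip, 0))
    return peaks


def login_posts(lines):
    """Count POST requests to wp-login.php per IP, whatever their rate."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec[2] == "POST" and rec[3].endswith("/wp-login.php"):
            hits[rec[0]] += 1
    return hits


# Constructed sample lines (documentation address ranges), not real traffic.
_POST = '{} - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120'
SAMPLE = (
    [_POST.format("203.0.113.5")] * 10
    + [_POST.format("198.51.100.7")] * 2
    + ['192.0.2.9 - - [12/Apr/2013:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 9001']
)
```

`over_limit(SAMPLE)` flags only the address that sent 10 requests in one second; `login_posts(SAMPLE)` also lists the slower address, which a rate limit alone would not surface.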
     
  16. thejake

  17. buddieluv

    Hi, could you please help those of us uninitiated in security with what LFD stands for?
    Better Wordpress Security Plugin perhaps? :)

    Thanks in advance