
Wordpress Exploit ... Heads Up For BHW Members

Discussion in 'BlackHat Lounge' started by jammie, Apr 14, 2013.

  1. jammie

    jammie Power Member

    Joined:
    Feb 24, 2008
    Messages:
    773
    Likes Received:
    454
    I know a few people here use wordpress.

    Currently there's a botnet targeting the default admin user ("admin") and attempting to brute force the password. 90,000 IPs have been targeted and have been detected on HostGator amongst others.

    Read more:

    http://phys.org/news/2013-04-admin-password-wordpress.html
     
    • Thanks x 2
  2. hackgen

    hackgen Regular Member

    Joined:
    Sep 23, 2011
    Messages:
    350
    Likes Received:
    103
    Location:
    127.0.0.1
    Thank you for the information bro
     
  3. ilovestocks

    ilovestocks Junior Member

    Joined:
    Dec 13, 2012
    Messages:
    155
    Likes Received:
    129
    Occupation:
    Stay at home mom
    Location:
    United States
    People really need to get rid of that admin username. Recently I saw someone trying that on mine, but luckily I had changed it long before. I got that plugin WP Better Security (I think that's the name), and it shows you a log of people trying to sign in.
     
    • Thanks x 1
  4. IamNRE

    IamNRE Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,775
    Likes Received:
    7,173
    Occupation:
    Generate Leads With FB Ads For Just $1
    Home Page:

    How do I change the username?

    I can't delete the admin profile and I can't change the admin username.
     
  5. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,400
    Likes Received:
    1,524
    Location:
    Proudly romanian
    "The attacker is brute force attacking the WordPress administrative portals, using the username 'admin' and trying thousands of passwords."

    Solution is simple as you can see.
     
  6. blackhaterz

    blackhaterz Junior Member

    Joined:
    Jan 21, 2013
    Messages:
    161
    Likes Received:
    89
    You can change the username in phpMyAdmin.
    I also have a great DDoS script. I try it on every WP site of mine using Ninja security and CDN high security, but the script is damn good, it breaks every security, so I think stay away from WP. Now I started making sites in HTML and some rare scripts.
     
  7. Junkfood00

    Junkfood00 Elite Member

    Joined:
    Sep 13, 2011
    Messages:
    1,949
    Likes Received:
    1,337
    Deleting and assigning and more is just a bunch of headache. Just go ahead right into the database, using any tool such as phpMyAdmin, and change the username in the wp_users table.

    You just learned how to do something 1000s of people don't know, so just email everybody, linking to the news page, and make money by offering admin name change. :cool:
     
    • Thanks x 3
  8. T2tkid

    T2tkid Jr. VIP Premium Member

    Joined:
    Oct 13, 2010
    Messages:
    3,705
    Likes Received:
    1,694
    It is very, very easy to change the 'admin' to any other name using the Better WordPress Security plugin.
     
    • Thanks x 1
  9. Giederius

    Giederius Junior Member

    Joined:
    Jan 20, 2013
    Messages:
    138
    Likes Received:
    23
    Damn... I can't log into the dashboard. It says
    "Error establishing a database connection". I hope everything is ok ;x
     
  10. IamNRE

    IamNRE Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,775
    Likes Received:
    7,173
    Occupation:
    Generate Leads With FB Ads For Just $1
    Home Page:

    Nice share... really user friendly plugin! My site is now much safer IMO.

    Thanks
     
  11. neutralhatter

    neutralhatter Jr. VIP

    Joined:
    Jun 23, 2010
    Messages:
    437
    Likes Received:
    332
  12. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,211
    Likes Received:
    5,238
    Location:
    He who laughs last, laughs longest.
    How is this an exploit? Misleading title. lol
     
    • Thanks x 3
  13. capripio

    capripio Regular Member

    Joined:
    Dec 25, 2010
    Messages:
    248
    Likes Received:
    157
    It looks like a lot of work for me. I hope there is a bot for this as well :p
     
  14. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,211
    Likes Received:
    5,238
    Location:
    He who laughs last, laughs longest.
    It's easier than you think and I'd rather do it through phpMyAdmin than through a plugin.

    Code:
    http://www.wpbeginner.com/wp-tutorials/how-to-change-your-wordpress-username/
     
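The rename the posts above describe doing through phpMyAdmin, written out as the SQL phpMyAdmin would run. This is an added example, not from the thread or from the linked tutorial; it assumes the default `wp_` table prefix (yours may differ if you customised it at install) and uses constructed replacement values.

```sql
-- Added example: rename the default 'admin' WordPress account in the database.
-- Assumes table prefix wp_ and the constructed new login 'siteowner_7k2'.

-- 1. Confirm the account exists and see what the public-facing columns hold.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'admin';

-- 2. Rename the login. Roles and capabilities live in wp_usermeta keyed by
--    the numeric user ID, not by login, so posts and permissions survive.
UPDATE wp_users
SET user_login = 'siteowner_7k2'
WHERE user_login = 'admin';

-- 3. user_nicename is the slug used in author archive URLs (/author/<nicename>/)
--    and display_name is what is printed as the post author. Give both values
--    that differ from the new login, so the login is not shown to visitors.
UPDATE wp_users
SET user_nicename = 'site-owner',
    display_name  = 'Site Owner'
WHERE user_login = 'siteowner_7k2';

-- 4. Verify: no row should still carry the old login.
SELECT COUNT(*) AS remaining_admin_logins
FROM wp_users
WHERE user_login = 'admin';
```

After step 2 you log in with the new user_login; the password is unchanged, so a weak password still needs replacing separately.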
  15. magguy

    magguy Newbie

    Joined:
    Jan 23, 2013
    Messages:
    48
    Likes Received:
    10
    Great topic. My ISP took me offline after detecting the attack. It spiked the CPU on the server. They suggested adding lines to the .htaccess to lock down the wp-admin pages to a set IP. Is this a good fix? Changing the admin name is good (something I already did) but will not stop the attempted logins and the server spike.
     
  16. capripio

    capripio Regular Member

    Joined:
    Dec 25, 2010
    Messages:
    248
    Likes Received:
    157
    Lol bro, I have designed many WP themes for clients, and I know about tweaking MySQL to change stuff. But seriously, atm I am lazy as hell! :p
     
  17. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,211
    Likes Received:
    5,238
    Location:
    He who laughs last, laughs longest.
    Sounds like a good fix to me, but I'm not entirely sure. You'll probably still get hits, though that depends on what the bot is doing. Redirect all IPs but your own to somewhere else, like Google or something. It sounds like the guys at your ISP know what they are talking about.
     
  18. AnotherOne

    AnotherOne Senior Member

    Joined:
    Nov 28, 2011
    Messages:
    950
    Likes Received:
    189
    Occupation:
    SQA
    Location:
    JMeter & Selenium
    This is the very reason why all the old users of WordPress don't use "admin" as username. I think this is the second security tip besides using a custom "db and table name".
     
  19. capripio

    capripio Regular Member

    Joined:
    Dec 25, 2010
    Messages:
    248
    Likes Received:
    157
    BTW I have noticed that our posts show the username as the author; it can be taken as bad for our site too!
     
  20. N1ckG2

    N1ckG2 Regular Member

    Joined:
    Dec 17, 2011
    Messages:
    305
    Likes Received:
    115
    Keep the admin username, set up an easy-to-guess pass like 123 or so, then make it a regular user (not admin privileges) so bots are happy to log in but can't do much with your site.

    Last time (almost a year ago) my sites hosted on different hosting were all hacked. Luckily I had backups and restored everything (took me a few days). Now I use completely new hosting providers, have backups and am waiting to see what's going on. I do believe top hosting providers (not the cheap ones you pay $1/mo) should protect us.