Global WordPress Bruteforce Under Way (and low frequency radio stuff)

If you run a self-hosted WordPress-based blog, check it for compromise and make sure your passwords are up to scratch (read: long and complicated). There’s currently a massive brute force effort underway to break into the Internet’s WordPress-based blogs… so massive it’s causing trouble for one of the largest web hosting companies (that therefore hosts lots of WordPress blogs).

I note that hacked WordPress blogs were — for the Anonymous OpLastResort folks (https://twitter.com/oplastresort) — a favorite “publisher of last resort” for distributing hacked documents.

Low frequency radio stuff: Since there was some interest in it, it’s worth noting there have been a bunch of worthwhile low-end-of-the-radio-spectrum links (primarily oriented towards RTLSDR users on the 0-30 MHz band) popping up of late: http://www.reddit.com/r/RTLSDR/comments/1c1jbp/sdr_options_between_030mhz_range/

This doesn’t mean RTLSDR is necessarily the way to go, but it is a cheap and increasingly well documented way.

(And the problem of building a broadband antenna at these frequencies still exists… good luck setting up a conical monopole at these frequencies in your average residential space.)

http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/ http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

“Security experts are warning that an escalating series of online attacks designed to break into poorly-secured WordPress blogs is fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers.

Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today (this blog also runs WordPress).

According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.

Incapsula co-founder Marc Gaffan told KrebsOnSecurity that infected sites will be seeded with a backdoor that lets the attackers control the site remotely (the backdoors persist regardless of whether the legitimate site owner subsequently changes his password). The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress.”
