Global Wordpress Brute Force Attack - GoFuckYourself.com

AdultKing · 04-12-2013, 08:50 AM

Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved.

http://blog.sucuri.net/2013/04/mass-...r-reality.html

http://blog.sucuri.net/2013/04/prote...e-attacks.html

Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.

Phoenix · 04-12-2013, 09:24 AM

who would have guessed wordpress is vulnerable?

2013 · 04-12-2013, 09:32 AM

what's a word press

Nasty · 04-12-2013, 09:35 AM

This plugin prevents the unlimited login attempt's WordPress allows

http://wordpress.org/extend/plugins/...ogin-attempts/

Fat Panda · 04-12-2013, 09:37 AM

fun stuff

2012 · 04-12-2013, 09:38 AM

i made da wordpess imma da webpage dedinuuhhhh . i dedign webpage

CurrentlySober · 04-12-2013, 09:40 AM

Quote:

Originally Posted by 2013

what's a word press

i cunt a4d a word being pressed...

Mark.Roy · 04-12-2013, 09:54 AM

Thanks for heads up.

Emil · 04-12-2013, 10:38 AM

I assume that as long as you use a decent password you should be OK since they're using wordlists for the attacks?

ottopottomouse · 04-12-2013, 10:43 AM

Quote:

Originally Posted by Phoenix

who would have guessed wordpress is vulnerable?

The vulnerability is just down to the number of users and the likelihood of people being stupid enough to use abc123 as their password.

seeandsee · 04-12-2013, 10:52 AM

I use good password, so they will not enter that way

bigluv · 04-12-2013, 11:37 AM

Thanks for the heads up. It always amazes me that websites dont have more sophisticated anti-hacking measures along these lines.

RubyGoodnight · 04-12-2013, 12:56 PM

Thanks, AK - passed the word along.

GonZo · 04-12-2013, 12:58 PM

Quote:

Originally Posted by AdultKing

Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved.

http://blog.sucuri.net/2013/04/mass-...r-reality.html

http://blog.sucuri.net/2013/04/prote...e-attacks.html

Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.

MojoHost took care of me hours ago as they always do.
Issue was resolved before I got out of bed.

Only reason you might worry is if your server isnt hosted at MojoHost.

JesseQuinn · 04-12-2013, 01:03 PM

Quote:

Originally Posted by Nasty

This plugin prevents the unlimited login attempt's WordPress allows

http://wordpress.org/extend/plugins/...ogin-attempts/

^^that plugin is great for keeping out specific people who want to fuck with someone's wordpress, but from the articles linked in the OP it appears that so many different IPs (90 000 unique IPs) are involved that the plugin isn't very effective

it's still a great plugin, just not against this sort of attack

Quote:

Originally Posted by ottopottomouse

The vulnerability is just down to the number of users and the likelihood of people being stupid enough to use abc123 as their password.

^^^I'm saying.

unrelated to wordpress, I had a bunch of weird questions from pseudo-customers a few weeks back (3 on the same day) asking me to play the 'porn star name game' (where the answers are one's middle name, street one grew up on, name of one's first pet, etc). It didn't occur to me that it was anything significant (other than being weird) until I read that those are often password retrieval questions for online accounts. It was a total 'duh' moment and I'm glad I just ignored the losers who had asked me.

/threadjack

thanks for posting the links, AdultKing

ottopottomouse · 04-12-2013, 01:34 PM

There is always quite a few sites about harvesting passwords in the guise of Check How Secure Your Password Is too.

Heath · 04-12-2013, 01:38 PM

So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help?

Forest · 04-12-2013, 01:55 PM

Quote:

Originally Posted by Populace

So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help?

change it to pass123

NaughtyVisions · 04-12-2013, 01:58 PM

Quote:

Originally Posted by Forest

change it to pass123

or simply "password."

LouiseLloyd · 04-12-2013, 02:08 PM

Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP.

RazorSharpe · 04-12-2013, 02:16 PM

http://wordpress.org/extend/plugins/...in-security-2/

this looks rather nifty

xxxjay · 04-12-2013, 03:48 PM

We had to deal with it yesterday

discounts.xxx · 04-12-2013, 04:15 PM

Why would they want to hit Wordpress? I was aware of this yesterday....unfortunately..

Captain Kawaii · 04-12-2013, 11:31 PM

Thanks for the info all.

babymaker · 04-13-2013, 12:11 AM

Quote:

Originally Posted by GonZo

MojoHost took care of me hours ago as they always do.
Issue was resolved before I got out of bed.

Only reason you might worry is if your server isnt hosted at MojoHost.

M3Server took care of it before I heard of it as well, got an email awhile ago

blazin · 04-13-2013, 12:16 AM

Stick you wp-admin directory behind a basic authentication prompt as well

just a punk · 04-13-2013, 01:27 AM

Quote:

Originally Posted by Phoenix

who would have guessed wordpress is vulnerable?

Vulnerable? How password bruteforcing is related to the definition of "vulnerability"?

icymelon · 04-13-2013, 01:47 AM

Quote:

Originally Posted by GonZo

MojoHost took care of me hours ago as they always do.
Issue was resolved before I got out of bed.

Only reason you might worry is if your server isnt hosted at MojoHost.

my server was down at mojo. they want me to upgrade. too many blogs on one box

Freedom6995 · 04-13-2013, 04:27 AM

Quote:

Originally Posted by LouiseLloyd

Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP.

04-12-2013, 08:50 AM	#1
AdultKing Raise Your Weapon Industry Role: Join Date: Jun 2003 Location: Outback Australia Posts: 15,605	Global Wordpress Brute Force Attack Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved. http://blog.sucuri.net/2013/04/mass-...r-reality.html http://blog.sucuri.net/2013/04/prote...e-attacks.html Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.

04-12-2013, 09:24 AM	#2
Phoenix BACON BACON BACON Industry Role: Join Date: Nov 2002 Location: Poems everybody, the laddie fancies himself a poet Posts: 35,457	who would have guessed wordpress is vulnerable? __________________ Skype Phoenixskype1 Telegram PhoenixBrad https://quantads.io

04-12-2013, 09:35 AM	#4
Nasty Confirmed User Industry Role: Join Date: Aug 2002 Location: Sunny Fucking California Posts: 1,575	This plugin prevents the unlimited login attempt's WordPress allows http://wordpress.org/extend/plugins/...ogin-attempts/ __________________ “Ours is a world of nuclear giants and ethical infants. We know more about war than we know about peace, more about killing than we know about living. If we continue to develop our technology without wisdom or prudence, our servant may prove to be our executioner.” ― Omar Bradley (1948)

04-12-2013, 09:38 AM	#6
2012 So Fucking What Industry Role: Join Date: Jul 2006 Posts: 17,189	i made da wordpess imma da webpage dedinuuhhhh . i dedign webpage __________________ best host: Webair \| best sponsor: Kink \| best coder: 688218966 \| Go Fuck Yourself

04-12-2013, 09:54 AM	#8
Mark.Roy Confirmed User Industry Role: Join Date: Apr 2013 Posts: 122	Thanks for heads up. __________________ email: mark[at]insanedollars[dot]com \| ICQ::685~986~008 Flat $125 PPS Cam Site! Make Insane Dollar$!!

04-12-2013, 09:32 AM	#3
2013 So Fucking Banned Industry Role: Join Date: Jan 2013 Location: lollling Posts: 4,390	what's a word press

04-12-2013, 09:37 AM	#5
Fat Panda Porn is Dead. Move along. Industry Role: Join Date: Aug 2006 Posts: 13,295	fun stuff

04-12-2013, 10:38 AM	#9
Emil Confirmed User Join Date: Feb 2007 Location: Sweden Posts: 5,623	I assume that as long as you use a decent password you should be OK since they're using wordlists for the attacks? __________________ Free 🅑🅘🅣🅒🅞🅘🅝🅢 Every Hour (Yes, really. Free ₿itCoins.) (Signup with ONLY your Email and Password. You can also refer people and get even more.)

04-12-2013, 10:52 AM	#11
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	I use good password, so they will not enter that way __________________ BUY MY SIG - 50$/Year Contact here

04-12-2013, 11:37 AM	#12
bigluv Confirmed User Join Date: Jul 2008 Posts: 850	Thanks for the heads up. It always amazes me that websites dont have more sophisticated anti-hacking measures along these lines.

04-12-2013, 12:56 PM	#13
RubyGoodnight Confirmed User Industry Role: Join Date: Oct 2011 Location: SE New England Posts: 577	Thanks, AK - passed the word along. __________________ Just your run of the mill former fetish performer who is now writing for adult web sites. If you want authentic detail that gets noticed, get in touch. email: smut [at] rubygoodnight [dot] com \| twitter: @RubyGoodnight \| Skype: RubyGoodnight portfolio : rubygoodnight.com \| non-exclusive adult written content: downloads.rubygoodnight.com Last edited by RubyGoodnight; 04-12-2013 at 12:58 PM..

04-12-2013, 01:34 PM	#16
ottopottomouse She is ugly, bad luck. Industry Role: Join Date: Jan 2010 Posts: 13,177	There is always quite a few sites about harvesting passwords in the guise of Check How Secure Your Password Is too. __________________ ↑ see post ↑ 13101

04-12-2013, 01:38 PM	#17
Heath Confirmed User Join Date: Sep 2008 Posts: 491	So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help? __________________ Email - popuplace [at] yahoo [dot] com

04-12-2013, 02:08 PM	#20
LouiseLloyd SO FUCKING SCAMMED Industry Role: Join Date: Mar 2010 Location: UK Posts: 1,377	Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP. __________________ Tube Theme • Paysite Theme • TikTok Theme

04-12-2013, 02:16 PM	#21
RazorSharpe Confirmed User Industry Role: Join Date: Aug 2001 Location: Scotland Posts: 2,238	http://wordpress.org/extend/plugins/...in-security-2/ this looks rather nifty __________________ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

04-12-2013, 03:48 PM	#22
xxxjay Tube groupie. Industry Role: Join Date: Aug 2002 Location: LoScandalous, CA Posts: 13,483	We had to deal with it yesterday __________________ http://donttellmehowtoruinmylife.com/ - http://www.jmdigitalmarketing.com/my...s-and-reviews/ - http://www.wouldyouhitit.org - http://shinyobjectreviews.com/

04-12-2013, 04:15 PM	#23
discounts.xxx Registered User Industry Role: Join Date: May 2012 Location: Over the Rainbow Posts: 83	Why would they want to hit Wordpress? I was aware of this yesterday....unfortunately.. __________________ Skype: guanche01 www.discountsxxx.com [email protected]

04-12-2013, 11:31 PM	#24
Captain Kawaii So Fucking Banned Industry Role: Join Date: Oct 2007 Posts: 6,748	Thanks for the info all.

04-13-2013, 12:16 AM	#26
blazin Confirmed User Join Date: Aug 2002 Posts: 2,781	Stick you wp-admin directory behind a basic authentication prompt as well __________________ I don't endorse a god damn thing......