GoFuckYourself.com - Adult Webmaster Forum


AdultKing 04-12-2013 08:50 AM

Global Wordpress Brute Force Attack
 
Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved.

http://blog.sucuri.net/2013/04/mass-...r-reality.html

http://blog.sucuri.net/2013/04/prote...e-attacks.html

Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.

Phoenix 04-12-2013 09:24 AM

who would have guessed wordpress is vulnerable?

2013 04-12-2013 09:32 AM

what's a word press

Nasty 04-12-2013 09:35 AM

This plugin prevents the unlimited login attempts WordPress allows

http://wordpress.org/extend/plugins/...ogin-attempts/

Fat Panda 04-12-2013 09:37 AM

fun stuff

2012 04-12-2013 09:38 AM

i made da wordpess imma da webpage dedinuuhhhh . i dedign webpage
http://i.imgur.com/7lbvhHX.jpg

CurrentlySober 04-12-2013 09:40 AM

Quote:

Originally Posted by 2013 (Post 19574904)
what's a word press

i cunt a4d a word being pressed... :(

Mark.Roy 04-12-2013 09:54 AM

Thanks for heads up.

Emil 04-12-2013 10:38 AM

I assume that as long as you use a decent password you should be OK since they're using wordlists for the attacks?

ottopottomouse 04-12-2013 10:43 AM

Quote:

Originally Posted by Phoenix (Post 19574881)
who would have guessed wordpress is vulnerable?

The vulnerability is just down to the number of users and the likelihood of people being stupid enough to use abc123 as their password.

seeandsee 04-12-2013 10:52 AM

I use a good password, so they will not enter that way

bigluv 04-12-2013 11:37 AM

Thanks for the heads up. It always amazes me that websites don't have more sophisticated anti-hacking measures along these lines.

RubyGoodnight 04-12-2013 12:56 PM

Thanks, AK - passed the word along.

GonZo 04-12-2013 12:58 PM

Quote:

Originally Posted by AdultKing (Post 19574802)
Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved.

http://blog.sucuri.net/2013/04/mass-...r-reality.html

http://blog.sucuri.net/2013/04/prote...e-attacks.html

Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.

MojoHost took care of me hours ago as they always do.
Issue was resolved before I got out of bed.

Only reason you might worry is if your server isn't hosted at MojoHost.

JesseQuinn 04-12-2013 01:03 PM

Quote:

Originally Posted by Nasty (Post 19574912)
This plugin prevents the unlimited login attempts WordPress allows

http://wordpress.org/extend/plugins/...ogin-attempts/

^^that plugin is great for keeping out specific people who want to fuck with someone's wordpress, but from the articles linked in the OP it appears that so many different IPs (90 000 unique IPs) are involved that the plugin isn't very effective

it's still a great plugin, just not against this sort of attack


Quote:

Originally Posted by ottopottomouse (Post 19575072)
The vulnerability is just down to the number of users and the likelihood of people being stupid enough to use abc123 as their password.

^^^I'm saying.

unrelated to wordpress, I had a bunch of weird questions from pseudo-customers a few weeks back (3 on the same day) asking me to play the 'porn star name game' (where the answers are one's middle name, street one grew up on, name of one's first pet, etc). It didn't occur to me that it was anything significant (other than being weird) until I read that those are often password retrieval questions for online accounts. It was a total 'duh' moment and I'm glad I just ignored the losers who had asked me.

/threadjack

thanks for posting the links, AdultKing
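
Editor's added example (not part of any post in this thread): a short Python script for the "check your server logs" advice that also shows why a per-IP lockout misses an attack spread over many addresses, while a site-wide count of login POSTs per minute catches it. The thresholds and the sample log lines are constructed assumptions, and the log format assumed is the Apache/nginx combined format.

```python
import re
from collections import Counter

# Matches the leading fields of an Apache/nginx combined-format access log line.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

PER_IP_LIMIT = 4        # assumed per-IP lockout threshold (hypothetical value)
PER_MINUTE_LIMIT = 20   # assumed site-wide ceiling on login POSTs per minute


def analyse(lines):
    """Count POSTs to wp-login.php per source IP and per minute, site-wide."""
    per_ip, per_minute = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        per_ip[m["ip"]] += 1
        per_minute[m["ts"][:17]] += 1   # "12/Apr/2013:08:50" is the minute bucket
    return {
        "ips_over_limit": sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT),
        "minutes_over_limit": sorted(t for t, n in per_minute.items() if n > PER_MINUTE_LIMIT),
        "distinct_ips": len(per_ip),
        "total_attempts": sum(per_ip.values()),
    }


def sample_log():
    """Constructed sample: 30 addresses, 2 login POSTs each, inside one minute."""
    fmt = '{ip} - - [12/Apr/2013:08:50:{s:02d} -0700] "{req} HTTP/1.1" {st} 3412 "-" "-"'
    lines = [fmt.format(ip=f"203.0.113.{i}", s=(i + k * 30) % 60,
                        req="POST /wp-login.php", st=200)
             for i in range(1, 31) for k in range(2)]
    # One ordinary page view and one owner login, also constructed.
    lines.append(fmt.format(ip="198.51.100.7", s=5, req="GET /", st=200))
    lines.append(fmt.format(ip="198.51.100.7", s=9, req="POST /wp-login.php", st=302))
    return lines


if __name__ == "__main__":
    print(analyse(sample_log()))
```

On the constructed sample no single address exceeds the per-IP limit, yet the minute as a whole is flagged, which is the signal to look for in real logs.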

ottopottomouse 04-12-2013 01:34 PM

There are always quite a few sites about harvesting passwords in the guise of Check How Secure Your Password Is too.

Heath 04-12-2013 01:38 PM

So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help?

Forest 04-12-2013 01:55 PM

Quote:

Originally Posted by Populace (Post 19575406)
So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help?

change it to pass123

NaughtyVisions 04-12-2013 01:58 PM

Quote:

Originally Posted by Forest (Post 19575442)
change it to pass123

or simply "password." :2 cents: :thumbsup

LouiseLloyd 04-12-2013 02:08 PM

Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP.

RazorSharpe 04-12-2013 02:16 PM

http://wordpress.org/extend/plugins/...in-security-2/

this looks rather nifty

xxxjay 04-12-2013 03:48 PM

We had to deal with it yesterday

discounts.xxx 04-12-2013 04:15 PM

Why would they want to hit Wordpress? I was aware of this yesterday....unfortunately..

Captain Kawaii 04-12-2013 11:31 PM

Thanks for the info all.

babymaker 04-13-2013 12:11 AM

Quote:

Originally Posted by GonZo (Post 19575331)
MojoHost took care of me hours ago as they always do.
Issue was resolved before I got out of bed.

Only reason you might worry is if your server isn't hosted at MojoHost.

M3Server took care of it before I heard of it as well, got an email awhile ago :thumbsup

blazin 04-13-2013 12:16 AM

Stick your wp-admin directory behind a basic authentication prompt as well

just a punk 04-13-2013 01:27 AM

Quote:

Originally Posted by Phoenix (Post 19574881)
who would have guessed wordpress is vulnerable?

Vulnerable? How is password bruteforcing related to the definition of "vulnerability"?

icymelon 04-13-2013 01:47 AM

Quote:

Originally Posted by GonZo (Post 19575331)
MojoHost took care of me hours ago as they always do.
Issue was resolved before I got out of bed.

Only reason you might worry is if your server isn't hosted at MojoHost.

my server was down at mojo. they want me to upgrade. too many blogs on one box

Freedom6995 04-13-2013 04:27 AM

Quote:

Originally Posted by LouiseLloyd (Post 19575461)
Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP.

:thumbsup


All times are GMT -7.