Apr 16, 2013

WordPress Blogs Attacked: What You Need to Know

Reports of an attack against WordPress and Joomla sites spread through the tech community this weekend, as a large botnet launched brute-force, dictionary-based login attempts on user accounts. According to researchers at hosting companies like CloudFlare and HostGator, some 90,000 IP addresses were involved in the latest series of attacks, leading them to speculate that the overarching goal is to expand the botnet of infected computers to potentially create a super botnet. With some 18% of websites running WordPress, the potential scale is enormous.

Although the attack is no longer breaking news, we wanted to alert LastPass users and clarify what you should know:
  • The attack is focusing on common account usernames - admin, test, administrator, Admin, root - and is systematically testing common passwords to break into accounts with those usernames. The top five passwords attempted in the hack are "admin," "123456," "111111," "666666," and "12345678."
  • The goal is not a data dump of user accounts - this is a large-scale attack that aims to take over a user's machine, using the server as a stepping stone in order to add it to the botnet's arsenal. A network of compromised machines can wreak havoc in a distributed denial-of-service (DDoS) attack.
  • If you are a WordPress user using CloudFlare, you are protected from the latest attack, according to their blog post.
The best steps LastPass users can take at this time:
We'll update our users if any further action should be taken. As always, be vigilant and protect your most important accounts.
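The detection side of the attack described above, as an added example that is not part of the original post: it parses constructed Apache access-log lines, counts POSTs to wp-login.php per source IP in a sliding window (what a per-IP tool such as Fail2Ban keys on), and also counts them site-wide, because a botnet spreading its guesses across tens of thousands of IPs stays under any per-IP threshold. The log format, thresholds and sample addresses are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache combined-log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}

def login_post_events(lines):
    """Each POST to wp-login.php is one password guess; GETs are page loads."""
    events = [e for e in map(parse_line, lines)
              if e and e["method"] == "POST" and e["path"].startswith("/wp-login.php")]
    return sorted(events, key=lambda e: e["ts"])

def flag_bruteforce(lines, window=timedelta(minutes=5), per_ip=5, site_wide=20):
    """Sliding window: the per-IP threshold catches a single noisy host (what a
    Fail2Ban jail sees); the site-wide threshold catches a botnet sending one
    guess per IP, which per-IP rules never trigger on."""
    events = login_post_events(lines)
    noisy_ips, distributed, start = set(), False, 0
    for end, e in enumerate(events):
        while events[start]["ts"] < e["ts"] - window:
            start += 1
        counts = Counter(w["ip"] for w in events[start:end + 1])
        noisy_ips.update(ip for ip, n in counts.items() if n >= per_ip)
        if sum(counts.values()) >= site_wide:
            distributed = True
    return {"noisy_ips": noisy_ips, "distributed": distributed}

def make_line(ip, minute, second, method="POST", path="/wp-login.php", status=200):
    return (f'{ip} - - [16/Apr/2013:10:{minute:02d}:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

# Constructed sample log (RFC 5737 test addresses), not captured traffic.
SAMPLE_LOG = (
    [make_line("192.0.2.10", 0, s) for s in range(6)]                   # one host, 6 guesses
    + [make_line(f"198.51.100.{i}", 1 + i % 4, 30) for i in range(15)]  # 15 hosts, 1 guess each
    + [make_line("203.0.113.5", 2, 0, method="GET")]                    # form load, not a guess
    + [make_line("203.0.113.5", 2, 10, status=302)]                     # legitimate login
)

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_LOG))
```

On the sample data only 192.0.2.10 crosses the per-IP line, while the fifteen single-guess hosts are caught only by the site-wide count.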

5 comments:

  1. Great post LastPass! Our WordPress site has been hacked several times in the past couple months. We've updated all our passwords, as well as updated our LastPass entries. Hopefully we'll be good to go.

    I posted a blog of our own on being hacked and what measures we took to make our site more secure, and to make sure we had regular backups scheduled in case of future hacks.

    http://www.digitalc4.com/marketing/wordpress-site-been-hacked.html

    Being hacked is a major pain, but your steps above can help big time! Backups are critical too!

    1. Thank you for sharing your story, Jason!

  2. My Fail2Ban has blocked 4 IPs so far today! That is up from one or two per week.

  3. When I got an email from my web host Powweb warning me of the WordPress attack I wasn't too concerned. I launched LastPass and looked at my password. There is no way to brute force my password! Thanks LastPass!

  4. If you wish to improve your know-how only keep visiting this site and be updated with the most recent gossip posted here.

    Here is my web blog; bitper.com