If you read my post yesterday (April 14, 2013), you’ll be aware that there’s been a concerted effort to attack WordPress sites all across the world in the last several days.
So, what’s known so far, based on the data collected and analysed, is that the large majority of the attacks are coming from ordinary home and office PCs rather than from servers. How did anyone figure that out? Because the attacking IP addresses and the signatures of their incoming requests are being seen by the sites and hosts under attack.
What’s The Purpose of The Attack?
Best guess at the moment is the creation of a large WordPress botnet.
A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks. – Wikipedia
What kind of tasks? It could be sending out millions of spam emails. But, given how much more bandwidth and uptime a botnet of WordPress servers would have compared with one made of home PCs, a likely use is in Distributed Denial of Service (DDoS) attacks on major websites. Such a tool could be used by hacktivists: groups who are out to push a cause or an agenda of some kind.
On the other hand, a WordPress botnet might be turned to other uses. It’s simply too early to tell what the ultimate agenda is here. But you could think of this attack as a time bomb: you know something’s happening (the bomb has been placed) but you can’t see the timer or exactly where the bomb is. It might detonate at some point in the future rather than right now.
The United States Computer Emergency Readiness Team (US-CERT) had this to say:
US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are utilizing over 90,000 servers to compromise websites’ administrator panels by exploiting hosts with “admin” as account name, and weak passwords which are being resolved through brute force attack methods.
CloudFlare, a web performance and security startup, had to block 60 million requests against its WordPress customers within one hour of elapsed time. The online requests reprise the WordPress scenario targeting administrative accounts from a botnet supported by more than 90,000 separate IP addresses. A CloudFlare spokesman asserted that if hackers successfully control WordPress servers, potential damage and service disruption could exceed common distributed denial of service (DDoS) attack defenses. As a mitigating strategy, HostGator, a web hosting company used for WordPress, has recommended users log into their WordPress accounts and change them to more secure passwords.
US-CERT encourages users and administrators to ensure their installation includes the latest software versions available. More information to assist administrators in maintaining a secure content management system includes:
- Review the June 21, 2012, vulnerability described in CVE-2012-3791, and follow best practices to determine if their organization is affected and the appropriate response.
- Refer to the Technical Alert on Content Management Systems Security and Associated Risks for more information on securing a web content management system
- Refer to Security Tip Understanding Hidden Threats: Rootkits and Botnets for more information on protecting a system against botnet attacks
- Additional security practices and guidance are available in US-CERT’s Technical Information Paper TIP-12-298-01 on Website Security
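The pattern US-CERT describes, a botnet trying weak passwords against the “admin” account from tens of thousands of IP addresses, is visible in an ordinary web server access log. The script below is an added example, not code from the original post, from US-CERT or from WordPress. It reads Apache/nginx combined-format lines, counts failed POSTs to wp-login.php (WordPress re-renders the login form with HTTP 200 on a bad password and answers a good one with a 302 redirect, so a 200 on a POST is the failure signal), and then applies two checks: a per-IP threshold, which is what most “limit login attempts” plugins do, and an aggregate check over the attempts that stayed under that threshold, because a 90,000-host botnet can make one or two guesses per host and never trip a per-IP rule. The log lines are constructed for the example and the thresholds are assumptions to tune per site.

```python
"""Spot WordPress login brute-forcing in a combined-format access log.

Added example, not part of the original post. The sample log is constructed
and the thresholds are assumptions; tune them to your own traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format up to the response size; referrer/UA ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def failed_logins(lines):
    """Yield (ip, timestamp) for each failed login POST to wp-login.php.

    A wrong password makes WordPress redisplay the form with HTTP 200; a
    successful login is a 302 to wp-admin, so only 200 responses are counted.
    """
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["status"] != 200:
            continue
        if rec["path"].split("?")[0].endswith("/wp-login.php"):
            yield rec["ip"], rec["ts"]


def max_in_window(times, window):
    """Largest number of events that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(lines, window=timedelta(minutes=10), per_ip=10,
           global_attempts=30, min_ips=20):
    """Flag single noisy hosts and the distributed pattern separately.

    `noisy_ips`: hosts with >= per_ip failures inside one window.
    `distributed`: the hosts that stayed under the per-ip limit still add up
    to >= global_attempts failures in one window from >= min_ips addresses.
    """
    per_ip_times = defaultdict(list)
    for ip, ts in failed_logins(lines):
        per_ip_times[ip].append(ts)

    noisy = {ip: len(ts) for ip, ts in per_ip_times.items()
             if max_in_window(ts, window) >= per_ip}
    quiet = {ip: ts for ip, ts in per_ip_times.items() if ip not in noisy}
    quiet_times = [t for ts in quiet.values() for t in ts]
    distributed = (max_in_window(quiet_times, window) >= global_attempts
                   and len(quiet) >= min_ips)
    return {"noisy_ips": noisy, "distributed": distributed,
            "distinct_ips": len(per_ip_times)}


def build_sample_log():
    """Constructed sample traffic (RFC 5737 documentation addresses), not real data."""
    base = datetime(2013, 4, 14, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, method, path, status):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 2048 "-" "Mozilla/5.0"'

    lines = [line("192.0.2.10", 0, "GET", "/", 200),
             line("192.0.2.10", 5, "GET", "/wp-login.php", 200),
             line("192.0.2.10", 20, "POST", "/wp-login.php", 302)]  # real login
    # One host working through a password list: 12 failures in three minutes.
    lines += [line("203.0.113.7", 30 + 15 * i, "POST", "/wp-login.php", 200)
              for i in range(12)]
    # The botnet pattern: 40 hosts, one guess each, spread over a few minutes.
    lines += [line(f"198.51.100.{i}", 60 + 7 * i, "POST", "/wp-login.php", 200)
              for i in range(1, 41)]
    return lines


if __name__ == "__main__":
    print(detect(build_sample_log()))
```

Two practical caveats: if the site sits behind CloudFlare or any other reverse proxy, the first field of the log is the proxy’s address and every attempt looks like one host, so log the forwarded client address instead; and a 200 on a POST also covers a submitted lost-password form, which is why the aggregate check uses a fairly high count rather than firing on a handful of requests.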
Watch this space. This thing ain’t over yet!
Right now it appears like Expression Engine is the top blogging platform out there right now (from what I’ve read). Is that what you’re using on your blog?
Hi Laverne,
No, I build sites exclusively using WordPress, which is still the most popular blogging platform available with 63% of market share (you can see the figures here). Joomla comes in second with 16%. I’d guess that, since Expression Engine isn’t listed, it falls into the “Other” category, all of which accounts for just 9% of market share.
WordPress is free whereas Expression Engine costs about $300. There’s a much, much larger developer community for WordPress too which provides many more ways to extend WordPress’ functionality through the use of plugins and themes. Yes, Premium items cost money but you can buy only those plugins and themes that you need.
With there being such a huge range of plugins (tens of thousands at this stage), it’s hard to know which ones to use and which ones play well together. That’s where my expertise comes in with the blogs I build.
Regards,
Gary
I want to start a DIY blog for Party & Event Specialty. I want to share photos and ideas with my viewers and promote my affiliated products in the ideas and content I share. What I can’t figure out is how I can design the blog so that I can change my content with the holidays, or special occasions, and the content still flows with the niche of the site. Also, a very difficult problem I’m facing is how I post my links for the “many” affiliates I am partnered with and have the site designed to showcase these changes at all times.
Hi Meka,
I’m not sure I understand what you’re trying to do with your content on holidays and such. The only way to change content is to edit it in your blog and republish it. If you’re thinking of changing the look of your blog to suit particular holidays and occasions, rather than actually changing the content in posts and pages, then you can swap out your current WordPress theme for another that’s related to the holiday; e.g. swapping out a simple blog theme for, say, a theme built around Christmas or Halloween. All you need to do is upload the new theme and activate it, and the look of every page and post on your site will change.
As to managing affiliate links, use a plugin like “Pretty Link Lite”; this masks your affiliate links so that they look like links on your own domain. If you ever need to swap out a link, simply edit the link in Pretty Links. Links on your site to the original product will then direct users to the replacement product.
If you want a way to automatically hyperlink keywords in your content to affiliate products, you’ll need to use a paid plugin like Ninja Affiliate or Pretty Links Pro.
Regards,
Gary