UPDATED 06:15 EDT / APRIL 15 2013

How To Sidestep The WordPress Botnet Hack

If you happen to use WordPress to host your company website or blog, then you’ll probably be worried by news that the ecosystem is currently facing its worst-ever coordinated brute force attack, as hackers attempt to gain control of WordPress blogs using a 90,000-strong botnet.

The attack has been ongoing since last Thursday and was reported by various tech sites including Ars Technica and Krebs on Security, which claim that HostGator and other web hosts first spotted the attack on April 11. The attack has apparently slowed down dozens of servers and led to some users being locked out of their websites. According to these sources, whoever is behind the botnet is attempting to hack users that keep “Admin” as their default username (which means that if you’re guilty of doing so, now’s the time to change it).

The Next Web adds to the story, saying that the DDoS mitigation specialist CloudFlare (who were at the center of the cyber-fight between Spamhaus and CyberBunker two weeks ago) is currently trying to ward off the attacks. According to their CEO Matthew Prince, this latest attack is far and away the most powerful ever to be waged on WordPress, with the botnet capable of testing as many as two billion passwords an hour. He also points out that it’s not only WordPress sites being attacked – some Joomla sites have also been affected, although the bulk of the attack is directed against WordPress.

Matt Mullenweg, creator of WordPress, confirmed the attack on his own blog, making the following recommendations:

“Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).”

What this means is that if your best line of defense is a plug-in that limits the number of attempts one IP address gets to log in to your WordPress site, this probably isn’t going to help much, because each of the botnet’s 90,000 addresses only needs to try a few times.
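To see why a per-IP limit misses this kind of attack, here is an added example (not from the article, WordPress or CloudFlare) that scores one constructed login-failure log two ways: per source IP, as a throttling plug-in would, and per target account. The log format, the documentation-range IP addresses and the thresholds are all assumptions.

```python
"""Added example, not code from the article: the same login-failure log scored
per source IP (what an IP-throttling plugin sees) and per target account."""
import re
from collections import Counter, defaultdict

# Constructed sample: one POST to wp-login.php per line, hypothetical format.
SAMPLE_LOG = """\
198.51.100.10 [11/Apr/2013:10:00:01] POST /wp-login.php user=admin result=fail
198.51.100.11 [11/Apr/2013:10:00:02] POST /wp-login.php user=admin result=fail
203.0.113.7 [11/Apr/2013:10:00:02] POST /wp-login.php user=admin result=fail
198.51.100.12 [11/Apr/2013:10:00:03] POST /wp-login.php user=admin result=fail
192.0.2.44 [11/Apr/2013:10:00:03] POST /wp-login.php user=editor result=ok
203.0.113.8 [11/Apr/2013:10:00:04] POST /wp-login.php user=admin result=fail
198.51.100.10 [11/Apr/2013:10:00:05] POST /wp-login.php user=admin result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] POST /wp-login\.php "
    r"user=(?P<user>\S+) result=(?P<result>\w+)$")

def parse_log(text):
    """Return (ip, user, result) tuples for lines in the constructed format."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((m["ip"], m["user"], m["result"]))
    return out

def flagged_ips(events, threshold=5):
    """Per-IP rule: block addresses with >= threshold failures. Each bot only
    tries a couple of times from its own address, so nothing trips."""
    fails = Counter(ip for ip, _, res in events if res == "fail")
    return {ip for ip, n in fails.items() if n >= threshold}

def account_pressure(events):
    """Per-account view: (total failures, distinct source IPs) per username."""
    fails, ips = Counter(), defaultdict(set)
    for ip, user, res in events:
        if res == "fail":
            fails[user] += 1
            ips[user].add(ip)
    return {u: (fails[u], len(ips[u])) for u in fails}

def flagged_accounts(events, threshold=5, min_ips=3):
    """Accounts hit >= threshold times from >= min_ips addresses: the shape of
    a distributed guess against one username such as 'admin'."""
    return {u for u, (n, k) in account_pressure(events).items()
            if n >= threshold and k >= min_ips}

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("per-IP blocks:", flagged_ips(ev), "attacked accounts:", flagged_accounts(ev))
```

The per-IP rule returns nothing for this sample while the per-account rule flags "admin", which is the same reason the article's sources recommend renaming that account rather than relying on IP throttling alone.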

Why Would Anyone Want To Take Over WordPress?


Quite simply, because of the servers that most WordPress blogs are hosted on. Forbes points out that unlike home computers, the servers that host WP blogs pack some serious processing power, and so they would be a tremendous asset for anyone attempting to build a botnet. Such a botnet would have far more power than a ‘regular’ botnet, allowing whoever controlled it to launch DDoS attacks that are far stronger than what we typically see. Currently, there are an estimated 64 million websites worldwide hosted on WordPress, and if hackers could control even a fraction of these they’d have an enormous amount of computing power within their grasp.

How Can You Prevent Your Own Site From Being Compromised?


Fortunately, companies and individuals that have sites hosted on WordPress can easily avoid being targeted by the botnet. The following steps should be taken not just to prevent your own site being hacked, but also to avoid becoming part of the larger problem – once your site is hacked (and the server it’s hosted on becomes compromised), it can then be used to infiltrate other sites.

Forbes recommends the following best practices to reduce your chances of becoming part of the botnet:

Change your username: This is especially pressing if you’re still using “Admin” by default – choose something that’s fairly unique to make it harder for the hackers to guess. Additionally, change your password too, and make it strong by using a combination of numbers, letters and special characters.

Use two-step authentication: This is an extra security precaution available for WordPress that checks that whoever is logging on is a person rather than a bot. Slightly more annoying, but it does make your site a lot more secure.

Consider free services from CloudFlare and others: We don’t really like advertising here at SiliconANGLE, but the free plans offered by CloudFlare at the moment are guaranteed to automatically block any login attempt that looks like it’s a part of the brute force attack.

Update WordPress: Matt Mullenweg strongly advises that users update to the latest version of WP, as he says that hackers like to exploit known vulnerabilities in the older versions. We should point out that this advice doesn’t seem to be as immediately relevant as that listed above. However, Mullenweg promises that “you’ll be ahead of 99% of sites out there and probably never have a problem,” so long as you follow these steps.
