HostGator’s analysis found that this is a well-organized and very
distributed attack. The company believes that about 90,000 IP addresses
are currently involved. CloudFlare, its founder and CEO Matthew Prince
told me earlier today, thinks the hackers control about 100,000 bots. As
for the scope of the attack, Prince says that CloudFlare saw attacks on
virtually every WordPress site on its network.
If somebody guesses your WordPress password, that’s obviously a big
problem, but attacks like this then open up ways for the hackers to take
over your server – and that’s what whoever is behind this attack is
clearly after. The CloudFlare team believes
that the attacker is currently using a network of relatively
low-powered home PCs, but the aim is “to build a much larger botnet of
beefy servers in preparation for a future attack.” Home PCs can be the
staging ground for a large denial-of-service attack, but servers have
access to far more bandwidth and can hence push out far larger amounts
of traffic.
This currently attack is similar to an attack in 2012 that was also aimed at WordPress sites. That attack, however, was looking for outdated versions of TimThumb, a popular PHP-based image resizer that is often used as the default by many WordPress templates.
Both CloudFlare and HostGator, as well as a number of other hosting
providers, have taken measures to protect their customers. Besides
choosing a very strong password – which is always a good idea – you can also install a number of WordPress plugins
that limit the number of login attempts from the same IP address or
network to put a stop to these brute-force attacks (though as WordPress
founder Matt Mullenweg notes in a blog post this afternoon,
changing your ‘admin’ username to something ab it more obscure may be
your best defense given that the hackers do have 90,000 IPs at their
disposal). If your site is hosted on WordPress.com, you can also turn on
two-factor authentication to add an extra layer of security.
Comments
Post a Comment