Saturday, April 13, 2013

Attacks against WordPress and Joomla sites have tripled

Hosting providers around the world are seeing a massive increase in brute force attacks against WordPress and Joomla sites. Attackers are looking to gain access to and compromise accounts, but failing that, they are slowing down their targets or even rendering them unavailable as they exhaust the sites’ resources.
Melbourne Server Hosting is reporting that it has seen signs over the past 48 hours of increased attempts, while Immotion Hosting has noted they are coming from a large number of IP addresses spread across the world. This would suggest the attackers are using a botnet to break in; HostGator has said at least 90,000 computers are involved, while CloudFlare has noted that “more than tens of thousands of unique IP addresses” are being used.
Sucuri, a security firm that blocks various types of Internet attacks, reports that it has also seen a notable increase. The company shared the following data points:
  • December 2012: 678,519 login attempts blocked.
  • January 2013: 1,252,308 login attempts blocked.
  • February 2013: 1,034,323 login attempts blocked.
  • March 2013: 950,389 login attempts blocked.
  • April 2013: 774,104 login attempts blocked for the first 10 days.
The top five user names being attempted are admin, test, administrator, Admin, and root. The top five passwords being attempted are admin, 123456, 666666, 111111, and 12345678. Obviously, if you are using any common user name or password, you should change it immediately.
In other words, Sucuri has been seeing 30 to 40 thousand attacks per day for the last few months, but this month that number has increased to 77,000 per day on average. In the last few days, the firm says the figure has reached more than 100,000 per day, meaning the number of brute force attempts has more than tripled.
For those who don’t know, a botnet refers to a group of computers (sometimes called zombies) that have been infected with malware to perform tasks for whomever distributed said threat. This individual, or organization, controls the botnet by sending instructions to the zombies from one or more Command & Control (C&C) servers.
A brute-force attack, meanwhile, refers to the systematic checking of all possible passwords (or just popular ones) until the correct password is found. A botnet is not required, but can help in the process as multiple computers can be used to check different combinations and avoid triggering multiple attempt limits.
While these attacks against popular content management systems are nothing new, the sudden increase is a bit worrying. Until the botnet in question is taken down, however, there is not much that can be done aside from ensuring you are taking every precaution. That includes using a solid username and password combination as well as ensuring your CMS and plugins are up-to-date.
Update: WordPress creator Matt Mullenweg has released a statement regarding the issue:
Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).
Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).
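A detection check that follows from the post's point about per-IP throttling (an added example, not code from the article or from any of the hosting firms it quotes): count failed logins per target account across all source IPs, so a botnet that spreads attempts on one username over thousands of addresses still stands out even though no single IP trips a limit. The log format, its field names and the sample lines are constructed assumptions, since a stock web server access log does not record the attempted username.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the article). They assume a hypothetical
# login-audit log that records the source IP, the attempted username and the
# HTTP status for every POST to wp-login.php.
SAMPLE_LOG = """\
203.0.113.10 POST /wp-login.php user=admin status=200
203.0.113.11 POST /wp-login.php user=admin status=200
203.0.113.12 POST /wp-login.php user=admin status=200
203.0.113.13 POST /wp-login.php user=admin status=200
203.0.113.14 POST /wp-login.php user=admin status=200
203.0.113.15 POST /wp-login.php user=admin status=200
198.51.100.7 POST /wp-login.php user=alice status=200
198.51.100.7 POST /wp-login.php user=alice status=302
"""

LINE_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) POST /wp-login\.php "
    r"user=(?P<user>\S+) status=(?P<status>\d+)$"
)


def parse_attempts(log_text):
    """Yield (ip, username, failed) for each wp-login.php POST in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # WordPress re-renders the login form with HTTP 200 when the
            # credentials are wrong and answers a successful login with a
            # 302 redirect, so a 200 here is a failed attempt.
            yield m["ip"], m["user"], m["status"] == "200"


def distributed_bruteforce(log_text, per_ip_limit=5, per_user_limit=5):
    """Return {username: number_of_distinct_ips} for accounts whose failed
    logins exceed per_user_limit while no single IP exceeded per_ip_limit,
    i.e. exactly the traffic a per-IP throttle would never have blocked."""
    failures_by_user = defaultdict(Counter)
    for ip, user, failed in parse_attempts(log_text):
        if failed:
            failures_by_user[user][ip] += 1
    alerts = {}
    for user, by_ip in failures_by_user.items():
        total = sum(by_ip.values())
        if total > per_user_limit and max(by_ip.values()) <= per_ip_limit:
            alerts[user] = len(by_ip)
    return alerts
```

On the constructed sample, "admin" is flagged with six distinct source IPs although each IP made only one attempt, while "alice" (one failure, then a success from the same address) is not.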

Facebook Home - Free APK Download for all Android devices

Not able to run Facebook Home on your device officially from the Play Store? Luckily you can grab the APK and install directly!

On an officially unsupported device your experience may vary, but then you knew that. :)

Before installing Home you need to ensure that both the latest Facebook main app (katana) and the Messenger app (orca) are installed... once they are installed, use this link - Download - to install Facebook Home, then hit the home button on your device to activate it.

It's early days, so update in this topic how you get on. If any patches etc. are needed for full functionality, I'll be posting them here, so hit the 'follow topic' button for updates!
