Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisaCISACISA:1C1BE830BC98560B773654E1EC8F1DA2
HistoryApr 15, 2013 - 12:00 a.m.

WordPress Sites Targeted by Mass Brute-force Botnet Attack

2013-04-1500:00:00
us-cert.cisa.gov
3

0.006 Low

EPSS

Percentile

79.1%

JSON

US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are utilizing over 90,000 servers to compromise websites’ administrator panels by exploiting hosts with β€œadmin” as account name, and weak passwords which are being resolved through brute force attack methods.

CloudFlare, a web performance and security startup, has to block 60 million requests against its WordPress customers within one hour elapse time. The online requests reprise the WordPress scenario targeting administrative accounts from a botnet supported by more than 90,000 separate IP addresses. A CloudFlare spokesman asserted that if hackers successfully control WordPress servers, potential damage and service disruption could exceed common distributed denial of service (DDoS) attack defenses. As a mitigating strategy, HostGator, a web hosting company used for WordPress, has recommended users log into their WordPress accounts and change them to more secure passwords.

US-CERT encourages users and administrators to ensure their installation includes the latest software versions available. More information to assist administrators in maintaining a secure content management system include:

  • Review the June 21, 2012, vulnerability described in CVE-2012-3791, and follow best practices to determine if their organization is affected and the appropriate response.
  • Refer to the Technical Alert on Content Management Systems Security and Associated Risks for more information on securing a web content management system
  • Refer to Security Tip Understanding Hidden Threats: Rootkits and Botnets for more information on protecting a system against botnet attacks
  • Additional security practices and guidance are available in US-CERT’s Technical Information Paper TIP-12-298-01 on Website Security

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

Related

cvelist 1
nvd 1
dsquare 1
cve 1
prion 1
cvelist
cvelist
CVE-2012-3791
2012-06-21 16:00:00
nvd
nvd
CVE-2012-3791
2012-06-21 16:55:01
dsquare
dsquare
Simple CMS SQL Injection
2012-06-04 00:00:00
cve
cve
CVE-2012-3791
2012-06-21 16:55:01
prion
prion
Sql injection
2012-06-21 16:55:00

0.006 Low

EPSS

Percentile

79.1%

JSON
Related for CISA:1C1BE830BC98560B773654E1EC8F1DA2
cvelist1nvd1dsquare1cve1prion1