Massive Brute-Force Attack Targets WordPress Sites Worldwide


A large distributed brute-force attack against WordPress sites is reported to be under way. A large botnet with more than 90,000 servers is attempting to log in by cycling through different usernames and passwords. According to a blog [update](<http://status.ixwebhosting.com/2013/04/11/global-server-wordpress-issues/>) on IXWebHosting, they are currently experiencing a brute-force attack on the default WordPress login pages of their customers.

[![](http://4.bp.blogspot.com/-pLo4Ml6Kjso/UWg7WQWd8mI/AAAAAAAAVRE/kPuA6On3QmE/s1600/Massive+Brute+Force+attack+using+Botnet+Targets+thousands+of+Wordpress+sites.jpg)](<http://4.bp.blogspot.com/-pLo4Ml6Kjso/UWg7WQWd8mI/AAAAAAAAVRE/kPuA6On3QmE/s1600/Massive+Brute+Force+attack+using+Botnet+Targets+thousands+of+Wordpress+sites.jpg>)

"_As you can see from our numbers, we were seeing 30 to 40 thousand attacks per day the last few months. In April 2013, it increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days._" a [Sucuri](<http://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+\(Security+Bloggers+Network\)>) study says. The attack is heavily affecting Linux servers and is possibly being conducted using botnets.

To solve the issue, hosting administrators are blocking all connections to wp-login.php.

"_At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*)._" HostGator [recommends](<http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/>) to its users.

"_A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity in the last 24 hours._" Spiral Hosting also issued a notice to its customers.

Users are advised to use **_.htaccess_** to protect their admin area and to rename the login pages. This is a global issue affecting all web hosts.
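
Because the login attempts come from a large botnet rather than one host, a per-IP counter alone can miss them. The following added example (not from the original article or from any of the hosting providers quoted) scans Combined Log Format access-log lines for POSTs to wp-login.php and flags both the single-source and the distributed pattern; the log lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format prefix: ip ident user [time] "METHOD path proto"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"')

def login_posts(lines):
    """Yield (minute, ip) for each POST to wp-login.php, at any path depth."""
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].rsplit("/", 1)[-1] != "wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m["ip"]

def detect(lines, per_ip_limit=5, site_limit=10, min_sources=5):
    """Per-minute alerts. Thresholds are illustrative assumptions."""
    buckets = defaultdict(Counter)
    for minute, ip in login_posts(lines):
        buckets[minute][ip] += 1
    alerts = []
    for minute, per_ip in sorted(buckets.items()):
        hhmm = minute.strftime("%H:%M")
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
        if noisy:  # classic case: one address hammering the login form
            alerts.append((hhmm, "single-source", noisy))
        # Botnet case: every address stays under the per-IP limit, so only
        # the site-wide total and the number of distinct sources give it away.
        if sum(per_ip.values()) > site_limit and len(per_ip) >= min_sources:
            alerts.append((hhmm, "distributed", len(per_ip)))
    return alerts

def sample_log():
    """Constructed log: one noisy IP at 10:00, twelve one-shot bots at 10:01."""
    fmt = ('{ip} - - [11/Apr/2013:10:{m:02d}:{s:02d} +0000] '
           '"{req} HTTP/1.1" 200 512 "-" "-"')
    log = [fmt.format(ip="198.51.100.7", m=0, s=s, req="POST /wp-login.php")
           for s in range(8)]
    log += [fmt.format(ip=f"203.0.113.{i}", m=1, s=i, req="POST /blog/wp-login.php")
            for i in range(1, 13)]
    log.append(fmt.format(ip="192.0.2.10", m=1, s=30, req="GET /wp-login.php"))
    log.append(fmt.format(ip="192.0.2.10", m=1, s=31, req="POST /wp-login.php"))
    return log

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

In the 10:01 bucket no address exceeds the per-IP limit, so only the site-wide rule fires; the count of sources includes the one legitimate login, which is why such an alert calls for throttling or an extra authentication step on wp-login.php rather than blocking every listed address.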