WordPress attacks showcase botnet owner's expanding tricks

Share this article:

A botnet using more than 90,000 IP addresses to crack WordPress admin accounts may be used as part of a larger plot to disrupt online users, according to researchers.

WordPress founding developer Matthew Mullenweg took to his blog Friday to warn users of widescale hacking attempts underway.

WordPress users with the “admin” username are being targeted by a botnet consisting of compromised home PCs. The infected machines are brute-force hacking accounts, automatically inputting a list of commonly used passwords. Mullenweg advised anyone with the “admin” login to change it, as well as their password, and to turn on the site's newly implemented two-factor authentication feature.

CloudFlare, a San Francisco-based security and site performance service provider, and web hosting provider HostGator suggested the botnet could be using home-based machines to assemble a more destructive network capable of carrying out distributed denial-of-service (DDoS) attacks on the web.

Compromised WordPress servers would give the botnet much more bandwidth to use for malicious purposes, according to a blog post from CloudFlare, a San Francisco-based security and site performance provider.

CloudFlare co-founder and CEO Matthew Prince said a similar attack method was used to stage the ongoing DDoS campaigns against several banks in the United States.

In those incidents, hackers targeted WordPress users running an outdated TimThumb plug-in, a popular image resizing tool, to exploit the accounts and turn infected accounts into DDoS tools pointed toward American banking sites.

Prince said targeting WordPress servers gives attackers an “army of bots” with “fairly big connections to the internet."

“The harm is that, if your blog is compromised, the server resources can be used to launch attacks against other parts of the internet infrastructure,” he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

Gartner: 75 percent of mobile apps will fail ...

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.