Home Routers Used to Launch Brute-Force Attacks on WordPress Sites

By Marcos Colon

A group of hackers is launching coordinated brute-force attacks targeting the administration panel of WordPress websites, and their assaults are powered by unsecured home routers.

The routers allow the hackers to propagate their campaign, reaching thousands of IP addresses while avoiding firewalls, according to a report by Bleeping Computer.

Discovered by WordFence, which produces a WordPress security plugin, the attacks are aimed at ultimately guessing the passwords tied to the admin accounts so they can have complete access. WordFence believes attackers have hijacked the routers by taking advantage of a vulnerability in the TR-069 router management protocol and sending malicious requests to the device’s 7547 port.

The size of the botnet is currently unknown, but the WordPress security firm believes 6.7 percent of brute-force attacks aimed at WordPress sites in March were launched by home routers that had port 7547 open on the internet. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.