The WordPress Botnet Attack Explained.

May 1, 2013

CONSUME CREATIVELY

This content is available in:

This content is available in:

TEXT

Subscribe to Our Podcast:


One of the top stories in the news this month has been the botnet attack currently taking place against WordPress sites. A botnet is endearingly known as a zombie army. It’s a group of internet programs or computers that communicate with each other over the web to carry out a task, typically without the user’s knowledge. In this case, the task is a brute-force attack on WordPress sites.

The Method

A brute-force attack is an attempt to log into an account by systematically trying thousands of passwords. A botnet is not necessary to carry out a brute-force attack, but using multiple computers avoids reaching a multiple attempt limit for logins and allows the attacker to try more password combinations. Over 90,000 unique IP addresses have been recorded in this brute-force attack.

The attackers are targeting WordPress websites that use default admin login names. The top five usernames being attempted are “admin,” “test,” “administrator,” “Admin,” and “root.” The top five passwords are “admin,” “123456,” “111111,” “666666,” and “12345678.”

Protect Your Site

The best way to protect yourself from the botnet attack is to change your username and password to something more unique. Even if you’re not using one of the top five usernames or passwords, thousands of other passwords are being attempted in the botnet attack. So create a complex, hard-to-guess password to keep your site safe. For more safety tips, read our blog post about protecting your website from the botnet attack.

The Threat

Botnets can carry out malicious actions such as forcing websites offline and carrying out hacking attempts. According to vulnerability expert Olli-Pekka Niemi at the network security vendor Stonesoft, the botnet attackers may carry out further attacks by gaining access to people’s accounts.

She said, “By compromising WordPress blogs, attackers may be able to upload malicious content and embed this into the blog. When readers visit the blogs in question they would then be subject to attack, come under compromise and develop into botnets.”

Right now, the botnet is based on a weak system of home PCs but appears to be attempting to penetrate larger servers. Servers are more effective at using botnets to force websites offline, because they can generate more traffic on those sites to overwhelm them. When a website is bombarded with too much information and crashes, it is called a DDoS (Distributed Denial of Service). All of this means that the threat of a botnet attack hasn’t gone away yet. In fact, it may get worse.

MayeCreate gives tips on how you can protect your website from a botnet attack and takes measures to protect the websites it hosts. For any questions or concerns you have about the protection we provide, contact us.

Who Manifested This Madness?

Monica Maye Pitts

This fabulous human, that's who.

Monica Maye Pitts

Monica is the creative force and founder of MayeCreate. She has a Bachelor of Science in Agriculture with an emphasis in Economics, Education and Plant Science from the University of Missouri. Monica possesses a rare combination of design savvy and technological know-how. Her clients know this quite well. Her passion for making friends and helping businesses grow gives her the skills she needs to make sure that each client, or friend, gets the attention and service he or she deserves.

GET MORE AWESOME

If this trips your trigger you'll love our podcast. Get more episodes just like this on:

The WordPress Botnet Attack Explained.
Email Alerts About New Episodes
Weekly Pride Maker Sign Up - Blog Sidebar
Industry

© MayeCreate Design 2024 | 573-447-1836 | info@mayecreate.com |108 E. Green Meadows Rd., Ste. 9 | Columbia, MO 65203 | Privacy Policy