A couple of security vendors have been tracking a large number of brute force attacks on WordPress blogs that attempt to gain unauthorized access using the ‘admin’ username and a set of commonly used passwords. CloudFlare and Incapsula are the two companies that have noticed such attacks on a global scale.
According to CloudFlare, attackers are using compromised PCs belonging to weak botnets to carry out attacks on high-end servers, in a bid to build a larger botnet of more powerful servers for some future attack.
A backdoor is loaded onto those servers on which the brute force attacks succeed, giving attackers remote access. These servers are then used to launch further brute force attacks on other servers, KrebsOnSecurity reports.
It is not just security companies that are warning of such an attack: one of the biggest hosting companies, HostGator, also rang warning bells about it. “As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence,” HostGator said in a blog post. According to HostGator, the attack involves over 90,000 IP addresses and is organized and highly distributed.
We recommend that anyone with a WordPress installation update their passwords and make them more complex.