Wordpress Botnet Attack and Hacks

Webzcas

Heads up for anyone who uses WordPress for their site's CMS. I have just now had over 500 bruteforce attempts on one of my sites, from multiple IP addresses, which occurred over a 3 minute period.

This is, I presume, from the much publicised botnet attack on sites using WordPress.

One of my friends also had his site hacked at the end of last week as a result of this.

For those using WordPress there are a couple of safeguards you can put in place to protect your sites.

Install the Wordfence security plugin and configure it to the maximum security setting. Ensure your WordPress admin account is not set to the default 'admin' user.

Also, the password you use should be extremely strong, involving a mixture of letters, numbers and characters. Ideally use a password that even if a gun was held to your head, you would not be able to state what it was.

Additionally to this, several of my sites have also had hack attempts, using 'educated' guesses of the WordPress admin account I use. These are not botnets and are more than likely from an individual with an axe to grind. I guess I may have 'upset' a few people in the past few weeks...
 
My site OCR is currently being subjected to a botnet attack, whereby the lost password form is being hit. I have had to suspend the hosting for the site until I can find a fix, as it is the equivalent of a large DDoS attack, bringing the entire server to a halt. :mad:

If anyone knows of a quick fix or has any info that can help me so I can bring OCR back online, I will very much appreciate it, as I have been dealing with this the last two hours with no success.
 
Well, I am still a rookie webmaster and have no experience with WordPress myself, but it sprung to my mind you could perhaps for the time being just disable the lost password form? Leave a small text disclaimer to say it's down for maintenance and if anyone is in need of the service to request it per mail? Something like that.

Just an idea, and sorry to hear about your troubles, bunch of scumbags i.m.o. :(
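
One way to confirm from the web server's access log the pattern described in this thread: many POSTs to the login form or the lost password form, spread over many IP addresses, inside a few minutes. This is an added example, not code from anyone in the thread; it assumes combined-format access logs, WordPress installed at the web root, and illustrative thresholds, and the log lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Combined-log-format prefix: client IP, [timestamp], "METHOD path ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def classify(method, path):
    """Return 'login', 'lostpassword' or None for one request."""
    if method != "POST" or not path.startswith("/wp-login.php"):
        return None  # assumption: WordPress lives at the web root
    return "lostpassword" if "action=lostpassword" in path else "login"

def find_bursts(lines, window=timedelta(minutes=3), threshold=100):
    """Flag moments when POSTs to one wp-login.php form, summed over all
    client IPs, reach `threshold` inside `window` (both values assumed)."""
    recent = {"login": deque(), "lostpassword": deque()}
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path = m.groups()
        kind = classify(method, path)
        if kind is None:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[kind]
        q.append((when, ip))
        while when - q[0][0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((kind, when, len(q), len({i for _, i in q})))
            q.clear()  # one alert per burst, then start counting again
    return alerts

def sample_log():
    """Constructed log: 500 login POSTs from 50 addresses inside 3 minutes,
    then 120 lost password POSTs from 40 addresses inside 1 minute."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    fmt = '203.0.113.{} - - [{:%d/%b/%Y:%H:%M:%S} +0000] "{}" 200 512'
    out = [fmt.format(i % 50 + 1, base + timedelta(seconds=i * 180 // 500),
                      "POST /wp-login.php HTTP/1.1") for i in range(500)]
    out += [fmt.format(i % 40 + 101, base + timedelta(minutes=10, seconds=i // 2),
                       "POST /wp-login.php?action=lostpassword HTTP/1.1")
            for i in range(120)]
    out.append(fmt.format(7, base + timedelta(minutes=12), "GET / HTTP/1.1"))
    return out
```

Each alert is a tuple of form, time, hit count and number of distinct client addresses; a high hit count with many addresses is why per-IP lockouts alone do not stop this kind of traffic.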
 
