Bots Attacking WP

Bed & Breakfast / Short Term Rental Host Forum


EmptyNest

Ok, don't know if many of you use WordPress or not...but I sure do and lately have been having all sorts of issues with it on various servers. The reason....bot attacks! Little did I know.
WordPress hit by massive botnet: Worse to come, experts warn
Summary: A massive botnet of tens of thousands of machines is attempting to hack in to weak password protected "admin" accounts of the popular blogging platform.
By Zack Whittaker for Zero Day | April 15, 2013 -- 15:15 GMT (08:15 PDT)
Blogging and website platform WordPress has been hit by a massive botnet of tens of thousands of computers, but it could be just the surface of a wider, larger attack.
The performance and security firm CloudFlare warned in a blog post today that the unknown attacker is using a "relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," suggesting a calm before a heavier storm.
The botnet is attempting to "brute force" attack WordPress websites using the username "admin", with thousands of different passwords. The botnet of machines — often individual machines infected with malware and subscribed to target servers and websites with vast amounts of data — is being used to hack web-based WordPress installations.
This botnet channels some bandwidth from individual computers infected with malware, which in mass and collectively can cause the overloading of servers. Typically, this kind of attack is either used by willing participants to cause a distributed denial-of-service (DDoS) attack against websites to force them offline, or by "slave" computers that can be used to carry out hacking attempts.
It comes only a week after WordPress enhanced user security by rolling out an optional two-factor authentication system.
WordPress founder Matt Mullenweg criticized those who were offering "solutions" to the problem, such as CloudFlare, and instead suggested changing default usernames as an additional step to protect their WordPress accounts.
"If you still use 'admin' as a username on your blog, change it, use a strong password, if you're on WordPress.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress," he said.
"Do this and you’ll be ahead of 99 percent of sites out there and probably never have a problem."
WordPress remains a large target for hackers, which has around 64 million individual blogs and websites, with more than 370 million readers each month. Alexa ranks the blogging network as the 21st most visited site in the world.
Follow this link to see how to set up a new user login
http://www.digitalkonline.com/blog/change-your-wordpress-admin-username/
 
Thanks for the article clarifying the problem. While we do not use WordPress for our websites, our servers are being affected. Our host has been working on these matters for over a week to get back to stability. It seems the host has made some progress (fingers crossed). We have been unable to make any changes to our sites while they combated this problem.
 
I changed my user and password, yes I was using "Admin-SAL".
We had some issues a while back, so thanks for the heads up.
 
I was going to beef up my username but in Profile, WP is saying "usernames cannot be changed".
Ah, how I long for the simpler days when WP meant WordPerfect!!
 
Arkansawyer said:
I was going to beef up my username but in Profile, WP is saying "usernames cannot be changed".
Ah, how I long for the simpler days when WP meant WordPerfect!!
See Catlady's link, it is super easy, Create a new user make it ADMIN, then log out and go back and delete the first.
It will ask if you want to attribute all your posts to the new one, you say yes. Done deal.
 
Done! Thanks JB, and "Catlady" ;-).
You are welcome. This has been driving me crazy for a week. So now I know. However, now I have to go back to dozens of sites and make the changes...and then figure out new emails for the owners :-( Grrrrrr.
 
EmptyNest said:
You are welcome. This has been driving me crazy for a week. So now I know. However, now I have to go back to dozens of sites and make the changes...and then figure out new emails for the owners :-( Grrrrrr.
Why figure out new emails? (no, I didn't read the whole article)
 
When you put in a new admin, you cannot use the same email associated with the previous admin.
 
EmptyNest said:
When you put in a new admin, you cannot use the same email associated with the previous admin.
Worked fine for me. First I edited the old admin user, changed e-mail address to "anything else", then put in the new admin with the email the old admin acct. used, then deleted the old admin account. So the new admin acct. uses the old admin e-mail address.
 
good one. I will try that. I hate to have to change all the emails. That will work. Thanks!
 
Thankfully, I did not use an admin WP. Does it matter that it is on the admin of my web site to get to it? Blog is a page and then I have to go ID & password to get into it to post etc. Every time I allow comments on my blog, all I get are trashy spams to have to delete. Just takes time to have to go in and not approve them. I am getting so I just do not allow comments and that is sad.
 
I highly recommend the plugin "WP Better Security"
Very powerful... checks and alters "admin" as well as ~30 other vulnerabilities.
http://wordpress.org/extend/plugins/better-wp-security/
Also EmptyNest, for sites that are not yours, this plugin can force your clients to have to use strong passwords so that they don't endanger themselves with weak ones.
 
I installed Better WP Security yesterday and today received two notices that a couple of IP addresses have been locked out due to too many failed login attempts. I assume it's the new security plugin doing this.
So cool! Bots have apparently been trying regularly to log into my WP account and I didn't know it. Now Better WP Security is watching out for me! I like!!
 
I highly recommend the plugin "WP Better Security"
Very powerful... checks and alters "admin" as well as ~30 other vulnerabilities.
http://wordpress.org/extend/plugins/better-wp-security/
Also EmptyNest, for sites that are not yours, this plugin can force your clients to have to use strong passwords so that they don't endanger themselves with weak ones.
For the most part, my clients don't do anything with their sites much less change a password. So I look out for them :)
 
Wow! I've had the occasional IP address blocked by Better WP Security before but tonight I've had like 40 addresses blocked for too many failed login attempts to my site. WP is under attack tonight...or at least I am!
 
Ouch!
 
I have a few different WordPress sites and see different attack patterns. Normally my sites block 2-3 IPs/day for failed login attempts. I did have one case though with an attacker with basically unlimited IPs coming after one site. I ended up renaming the login page, wp-login.php, temporarily (probably was a day or two). When I put it back to wp-login.php the attack had stopped. I assume they gave up when they could no longer access the login page.
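
Added example, not part of the thread and not code from any plugin mentioned in it: a log check that counts failed wp-login.php attempts per IP (the lockout behaviour described above) and also flags the many-addresses case, where no single IP trips a per-IP limit. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: client IP, [timestamp], "METHOD path proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def failed_logins(lines):
    """Yield (time, ip) for POSTs to wp-login.php answered with 200.
    Assumption: a successful login redirects (302); a failure re-renders the form (200)."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if (method, status) == ("POST", "200") and path.split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def per_ip_lockouts(events, max_attempts=5, window=timedelta(minutes=5)):
    """IPs with at least max_attempts failures inside one sliding window."""
    recent, locked = defaultdict(deque), set()
    for when, ip in sorted(events):
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= max_attempts:
            locked.add(ip)
    return locked

def distributed_attack(events, min_ips=10, window=timedelta(minutes=5)):
    """True if min_ips distinct addresses fail inside one window, whatever each one's count."""
    q = deque()
    for when, ip in sorted(events):
        q.append((when, ip))
        while when - q[0][0] > window:
            q.popleft()
        if len({addr for _, addr in q}) >= min_ips:
            return True
    return False

def sample_log():
    """Constructed sample: one noisy IP, 12 IPs failing twice each, one good login."""
    fmt = '{ip} - - [15/Apr/2013:10:{m:02d}:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" {st} 3500'
    noisy = [fmt.format(ip="192.0.2.10", m=0, s=s, st=200) for s in range(0, 30, 5)]
    spread = [fmt.format(ip=f"198.51.100.{n}", m=2, s=n + 20 * k, st=200)
              for n in range(1, 13) for k in range(2)]
    ok = [fmt.format(ip="203.0.113.5", m=3, s=0, st=302)]
    return noisy + spread + ok
```

On the sample, only the noisy address is locked out per IP, while the twelve low-rate addresses are caught only by the distinct-IP check.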
 