Wordpress, the popular content management system behind many blogs and business websites, has been hit by a major hacker attack.
People test the the Google Chromebook Pixel laptop after an announcement in San Francisco, Thursday, Feb. 21, 2013. Google is adding a new touch to its line of Chrome laptops in an attempt to outshine personal computers running on software made by rivals Microsoft and Apple. (AP Photo/Jeff Chiu)
WordPress, the popular content management system behind many blogs and business websites, has been hit by a major hacker attack.
While many turn to WordPress because it’s easy to use, it turns out the application might be a little too easy for hackers to target, too.
Whoever is behind the attack is using an estimated 90,000 IP addresses “to brute-force crack administrative credentials of vulnerable WordPress systems,” writes Arstechnica. There is also concern that the hackers are trying to create a “botnet,” using a network of home computers to target more powerful servers, which could then cause more damage.
Those servers could, potentially, be used in larger denial-of-service attacks, where a high volume of traffic causes a site to crash. “This is a similar tactic that was used to build the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was behind the large attacks on US financial institutions,” writes CloudFlare, an online security company. CloudFlare has already created a patch that prevents the attacks.
Reports say that sites hosted on Joomla are also under attack.
Since the attack uses thousands of different IP addresses, plugins that limit repeated login attempts from a single IP address aren’t that useful.
Instead, the steps for users to protect themselves are fairly straightforward: