[General] WordPress login attack
Thursday, January 16th, 2014 - General, Security
PLEASE READ IF YOU ARE SEEING A LOGIN PROMPT WHEN TRYING TO ACCESS YOUR WORDPRESS ADMIN AREA
Some of you may be aware that there is a growing botnet across the Internet that has essentially been launching a DDoS attack on WordPress installations everywhere.
WordPress is an extremely popular blogging and CMS platform. Many people use it. It is widely installed throughout the Internet and on our web hosting servers. This makes it a very inviting target for hackers and other malicious users to take advantage of.
The attack is basically a system of thousands and thousands of IP addresses all trying to log in to various sites' WordPress admin panels. All of these requests undermine the performance of the server, because the server has to respond to each of them. This is why it essentially becomes a DDoS-like attack.
Up until now, we have been able to mitigate most of this with a series of IP blocks. Unfortunately that approach is reaching its saturation point and is no longer effective. The next step in mitigating this is to employ a specific web/captcha system. With this enabled, you will see a dialog box when you go to log in to your WordPress admin panel, telling you to enter a specific set of characters for the username and the answer to a simple arithmetic/addition problem as the password. This is becoming the standard way to mitigate this attack.
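To illustrate why per-IP blocking saturates against this kind of attack, here is an added example (not part of the original post or the host's own tooling) that counts failed wp-login.php POSTs per source IP in Apache-style access logs. The log lines are constructed, and it assumes the usual WordPress behaviour that a failed login re-renders the form with HTTP 200 while a successful one redirects with 302.

```python
"""Count wp-login.php login attempts per client IP from access-log lines.

Added example, not from the original post. Demonstrates that a botnet
spread across many IPs stays under any per-IP block threshold while the
aggregate load on wp-login.php keeps growing. Sample log is constructed.
"""
import re
from collections import Counter

# Apache combined-log format: ip - - [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: three bot IPs each trying once or twice, plus one
# legitimate admin whose login succeeds (302 redirect to wp-admin).
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jan/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.11 - - [16/Jan/2014:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.12 - - [16/Jan/2014:10:00:02 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3421
198.51.100.7 - - [16/Jan/2014:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 8810
198.51.100.7 - - [16/Jan/2014:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.10 - - [16/Jan/2014:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
"""


def failed_logins(log_text):
    """Return a Counter of failed wp-login.php POSTs per client IP.

    Assumption: a failed login returns 200 (form shown again); a success
    returns a 302 redirect, so 302s are not counted as attack traffic.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as combined-log format
        if (m['method'] == 'POST' and m['path'].endswith('/wp-login.php')
                and m['status'] == '200'):
            hits[m['ip']] += 1
    return hits


def per_ip_offenders(hits, threshold):
    """IPs a per-IP block rule would catch: attempts >= threshold."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def total_failed(hits):
    """Aggregate failed attempts hitting the server regardless of source."""
    return sum(hits.values())
```

With a block threshold of 2, only one of the three bot IPs is caught while four failed attempts still reach the server, which is the saturation the post describes and why a challenge in front of the login page helps.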
We don’t yet know if we will deploy this server-wide or if we will do it on an account-by-account basis. But it is becoming clear that we are going to have to deploy this system in some capacity.
If you see this dialog box pop up on your WordPress admin panel login screen, don’t be alarmed. It is a mitigation solution to stop this WordPress login attack.
We do apologize for having to deploy this, but if we do nothing this attack is just going to continue to undermine server performance for your site and all of the other sites on our web hosting servers.
Steven