Friday, 31 May 2013

    WordPress Security Attacks, The Details and Solutions

    The Attack

    The details of the attack have been covered far and wide. Hostgator was one of the first big names to break the news about the attack with their Global WordPress Brute Force Flood post. The WordPress security team at Sucuri has a series of blog posts about the topic covering how to protect your site, the reality of the attacks, and the consequences of such attacks. Security blog Krebs on Security has a good post covering the topic in depth.
    The short and simple explanation of what is happening is that one or more illegal botnets (a network of hundreds, thousands, or millions of compromised computers that are being exploited to perform attacks, send spam, etc.) are being used to brute-force attack WordPress sites. The goal of a brute force attack is to try as many username and password combinations as possible in order to find valid login credentials. It’s as if someone were trying to guess the combination on a combination lock, but rather than being limited to a single guess every few seconds, they could make hundreds or thousands of guesses a second while never getting tired.

    The Solution

    Brute force login attempts are by no means new. Such attack techniques have been used against WordPress sites for as long as WordPress has existed. In the past, I’ve recommended users install and activate the Login Lockdown plugin as it helps protect against brute force attacks. It protects the site by blocking login attempts by a specific IP once that IP has failed too many times in a row. Unfortunately, as the pattern section above shows, these attacks are coming from a huge range of IP addresses. Simply being able to block specific IP addresses after failed attempts will not protect a site against this botnet attack. This means that a different solution is needed.
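To make the limitation concrete, here is an added example (not code from the original post or from the Login Lockdown plugin) that runs two detection policies over the same constructed set of login events. The log format, IP addresses and usernames are all constructed for the example; WordPress core does not record failed logins in this form by itself, so the input stands in for whatever a logging plugin would produce. The per-IP policy mirrors the Login Lockdown idea of locking an address after several consecutive failures; the second function looks at the problem from the account's side and flags a username that is being hit from many distinct addresses in a short window, which is the pattern a botnet produces even though no single address ever trips the per-IP counter.

```python
"""
Per-IP lockout versus an account-centric view of the same login failures.
Constructed example; the "timestamp ip username result" log format is hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six botnet addresses each try "admin" once, one
# legitimate user mistypes once then succeeds, one address hammers "admin".
SAMPLE_LOG = """\
2013-05-31T10:00:01 203.0.113.10 admin FAIL
2013-05-31T10:00:02 203.0.113.11 admin FAIL
2013-05-31T10:00:02 203.0.113.12 admin FAIL
2013-05-31T10:00:03 203.0.113.13 admin FAIL
2013-05-31T10:00:04 203.0.113.14 admin FAIL
2013-05-31T10:00:05 203.0.113.15 admin FAIL
2013-05-31T10:00:06 198.51.100.7 editor FAIL
2013-05-31T10:00:09 198.51.100.7 editor OK
2013-05-31T10:01:00 192.0.2.44 admin FAIL
2013-05-31T10:01:01 192.0.2.44 admin FAIL
2013-05-31T10:01:02 192.0.2.44 admin FAIL
2013-05-31T10:01:03 192.0.2.44 admin FAIL
"""


def parse_events(text):
    """Turn the constructed log into (timestamp, ip, username, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def per_ip_lockouts(events, max_failures=3, window=timedelta(minutes=5)):
    """Login Lockdown style: lock an IP after max_failures failures in a row within window."""
    failures = defaultdict(list)  # ip -> timestamps of recent consecutive failures
    locked = set()
    for ts, ip, _user, ok in events:
        if ok:
            failures[ip].clear()  # a success breaks the "in a row" streak
            continue
        failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
        if len(failures[ip]) >= max_failures:
            locked.add(ip)
    return locked


def distributed_attack_targets(events, min_distinct_ips=5, window=timedelta(minutes=5)):
    """Account-centric: flag a username failed against from many distinct IPs within window."""
    recent = defaultdict(list)  # username -> [(timestamp, ip)] of recent failures
    flagged = set()
    for ts, ip, user, ok in events:
        if ok:
            continue
        recent[user] = [(t, i) for t, i in recent[user] if ts - t <= window] + [(ts, ip)]
        if len({i for _, i in recent[user]}) >= min_distinct_ips:
            flagged.add(user)
    return flagged


def analyse(text):
    """Run both policies over one log; returns (locked IPs, accounts under distributed attack)."""
    events = parse_events(text)
    return per_ip_lockouts(events), distributed_attack_targets(events)


if __name__ == "__main__":
    locked, flagged = analyse(SAMPLE_LOG)
    print("per-IP lockouts:", sorted(locked))  # only the single noisy address
    print("accounts under distributed attack:", sorted(flagged))  # "admin"
```

Run as written, the per-IP policy locks only 192.0.2.44, the one address that failed repeatedly; the six botnet addresses that each guessed once never reach the threshold, which is exactly the gap the post describes. The account-centric check flags "admin" after the fifth distinct address, and in practice that signal would feed a different response than an IP block, such as temporarily requiring an additional factor or a CAPTCHA for that account.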


    Copyright @ 2013 Wordpress Joomla Fans.