JusticeDept.com

WordPress Worldwide Attack

April 17 2013 by admin in Uncategorized |Comments Off

Last Wednesday, we began noticing unusually high incoming traffic across our servers. We determined that this traffic was caused by an automated program that was attempting to break in to our customers’ WordPress sites. This also had the effect of slowing down our Linux servers due to all of the extra traffic.

This attack is not limited to our network, but targets WordPress users worldwide, across many hosting companies.

We began blocking all attempted connections to the wp-login.php file. This block stopped the malicious connections from breaking in, but unfortunately, it also stopped legitimate users from logging in as well. This was a temporary, but necessary solution as we continued to work on a remedy for this situation.

We have now rolled out a new fix which blocks the malicious connections, but allows users to access their wp-login file. This means that if you have a WordPress site, you should now be able to login and make changes. However, once you log in, we recommend that you change your password to something very strong (e.g. a mixture of upper and lowercase letters, numbers, and special characters like #, $, and &). You can find instructions on how to change your password here: http://codex.wordpress.org/Resetting_Your_Password.

We are still keeping a close and active eye on this attack, as it seems to be very dynamic and will attempt to change its approach to counter our defenses. So, you may notice some quirks and fluctuations with your WordPress site until we’ve either completely blocked the attack, or the attack stops altogether.

Tags: attacks, blocking, hack, login, websites, Wordpress

Comments are closed.

Security Basics

Re: secure and simple file server

Posted by ugochukwu . egerue on Mar 29Hi Peter, If AD cannot be used to implement the necessary security around your folders, then you need a third party folder/files security solution. There are many of them in the market ranging from the low ends to high solutions like Imperva FAM. Use google to do some research on it. Good luck!, Ugo Sent from my BlackBer […]

Re: secure and simple file server

Posted by Ansgar Wiechers on Mar 29File system permissions: ------------------------ Grant read access on the parent folder to "Authenticated Users" or "Everyone", and have the subfolders inherit that ACL. Grant full control on each immediate child folder to just the user who is supposed to be able to write to it. Share permissions: ----- […]

secure and simple file server

Posted by Peter Odigie on Mar 29Hi All! I will like to get your suggestions. I have been asked to set up a file server on a windows OS not using any active directory stuff. Just a simple file sharing stuff in which: Person A will be the only one to put a file into Folder A but will also be able to get files from Folder B & C. And the same will hold for p […]

US-CERT

ST06-001: Understanding Hidden Threats: Rootkits and Botnets

Original release date: August 24, 2011 | Last revised: February 06, 2013 Attackers are continually finding new ways to access computer systems. The use of hidden methods such as rootkits and botnets has increased, and you may be a victim without even realizing it. What are rootkits and botnets?A rootkit is a piece of software that can be installed and hidden […]

ST06-005: Dealing with Cyberbullies

Original release date: June 01, 2011 | Last revised: February 06, 2013 Bullies are taking advantage of technology to intimidate and harass their victims. Dealing with cyberbullying can be difficult, but there are steps you can take. What is cyberbullying?Cyberbullying refers to practice of using technology to harass, or bully, someone else. Bullies used to b […]

ST06-004: Avoiding the Pitfalls of Online Trading

Original release date: April 07, 2011 | Last revised: February 06, 2013 Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim. What is online trading?Online trading allows you to conduct investment transactions over the inter […]

BugTraq

[SECURITY] [DSA 2663-1] tinc security update April 23, 2013

Posted by Yves-Alexis Perez on Apr 23------------------------------------------------------------------------- Debian Security Advisory DSA-2663-1 security () debian org http://www.debian.org/security/ Yves-Alexis Perez April 22, 2013 http://www.debian.org/security/faq ------------------------------------------------------------------------- Package : tinc V […]

[ MDVSA-2013:150 ] mysql April 23, 2013

Posted by security on Apr 23 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:150 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : mysql Date : April 22, 2013 Affected: Enterprise Server 5.0 ________________________ […]

[ MDVSA-2013:149 ] roundcubemail April 23, 2013

Posted by security on Apr 23 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:149 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : roundcubemail Date : April 21, 2013 Affected: Business Server 1.0 __________________ […]

FullDisclosure

Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere)

Posted by Tavis Ormandy on Apr 23Valdis.Kletnieks () vt edu wrote: Sure, but how does full disclosure solve that? Most vendors refuse to credit researchers who don't play by their rules (which is almost universally tell them and then keep quiet until they give you permission to speak) - so if you're primarily driven by vendor credit, you should not […]

Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere)

Posted by Valdis . Kletnieks on Apr 23On Tue, 23 Apr 2013 12:54:42 -0400, Gary Baribault said: The problem is that what my users and customers want is different from what other researcher's users and customers want.... […]

Re: 0day Vulnerability in VLC (this is my first release of the vuln anywhere)

Posted by Gary Baribault on Apr 23And any vendor who says it will take 18 months to fix this, tough, give them whatever you feel is reasonable, tell them when you will be releasing and then go, but keep in mind, fixing a bug that affects Windows XP, Vista, 7, 8, 2003, 2008 and 2012 will take longer than fixing a bug in VLC. Yes we are all adults and have to […]

Homeland Security

WordPress Worldwide Attack

ic3.gov

FBI

Security Tip of the Day

Security Basics

US-CERT

BugTraq

FullDisclosure

Archives