There has been a recent security breach in our Blog-o-sphere as several WordPress powered websites are being attacked by botnet and are under threat. It’s an attack that has been launched from over 90,000 IPs to disrupt the online websites that are running WordPress as their blogging platform. The primary objective of the hackers seems to be focused on compromising numerous servers that are hosting these websites.
Some time back in January 2012, Kelihos Botnet was taken down by a joint movement of Microsoft + Kaspersky Lab. Botnet are created every now and then but staging an attack is just another piece in the cyber puzzle. If we take a little background scoop into WordPress’s present CMS distribution then it accounts for nearly 18% of all websites that are running on the world wide web.
How bad is the Global Botnet Attack on websites running WordPress?
Ars Technica was quick to report on this matter and they say this kind of an attack mainly involves a Brute Force motive to snipe out your account’s passwords and login details. The attack was highly distributive in nature to spread out the hacking attempt to steal the administrative credentials of the WordPress powered websites. As Hostgator’s Sean Valant writes – Global WordPress Brute Force Flood was an continuous attack that began last week and has been raging since then. As he suggests changing your WordPress login passwords is the best option available.
Possible ways to save our websites from Cyber attacks
Using a strong password where you have special characters like – @^&*%$# really helps in increasing your account’s security. Although the attack was just formed to hack passwords it shows the power of botnets. They seem to be getting stronger as we speak.
On the other hand, CloudFlare was quick to patch the problem in realtime. That was really cool if you ask me. CloudFlare’s advantage in this position is that it’s model acts as a gatekeeper for all web requests and thus they can turn off requests that have this type of signature.
Normally in these kind of situations the Botnet attack on a controller’s requests. While the controller might be from an open server that acts as a nodal points for multiple zombie setups. These setups are normally home computers that have no proper firewall or protection. The user might not be knowing that their computers are being used to host such an attack worldwide.