Skip to main content

With 20,000 sites swallowed up, a botnet is eating WordPress alive

Image used with permission by copyright holder

Hackers controlling a “botnet” of over 20,000 infected WordPress sites are attacking other WordPress sites, according to a report from The Defiant Threat Intelligence team. The botnets attempted to generate up to five million malicious WordPress logins within the past thirty days.

Per the report, the hackers behind this attack are using four command and control servers to send requests to over 14,000 proxy servers from a Russian provider. Those proxies are then used to anonymize traffic and send instructions and a script to the infected WordPress “slave” sites concerning which of the other WordPress sites to eventually target. The servers behind the attack are still online, and primarily target the XML-RPC interface of WordPress to try out a combination of usernames and passwords for admin logins.

“The wordlists associated with this campaign contain small sets of very common passwords. However, the script includes functionality to dynamically generate appropriate passwords based on common patterns … While this tactic is unlikely to succeed on any one given site, it can be very effective when used at scale across a large number of targets,” explains The Defiant Threat Intelligence team.

Attacks on the XML-RPC interface aren’t new and date back to 2015. If you’re concerned that your WordPress account might be impacted by this attack, The Defiant Threat Intelligence team reports that it is best to enable restrictions and lockouts for failed logins. You also can consider using WordPress plugins which protect against brute force attacks, such as the Wordfence plugin.

The Defiant Threat Intelligence team has shared information on the attacks with law enforcement authorities. Unfortunately, ZDNet reports that the four command and control servers can’t be taken offline because they are hosted on a provider that doesn’t honor takedown requests. Still, researchers will be contacting hosting providers identified with the infected slave sites to try and limit the scope of the attack.

Some data has been omitted from the original report on this attack because it can be exploited by others. The use of the proxies also makes it hard to find the location of the attacks, but the attacker made mistakes which allowed researchers to access the interface of the command and control servers behind the attack. All of this information is being deemed as “a great deal of valuable data” for investigators.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Best HP laptop deals: Get a 14-inch Windows laptop for $170
An open HP Spectre x360 16 sits on a table, angled so that the screen and keyboard can be seen.

HP is one of the best laptop brands out there, and they're not afraid to slash their prices. Whether you're looking for cheap Chromebook deals or powerful gaming laptop deals, HP has something to offer. Below we've collected the best laptop deals on HP computers from around the internet. Models include the Pavilion, Victus, 17z and the mighty Omen.

HP 14-inch Laptop -- $170, was $200

Read more
Apple’s cheaper Vision Pro headset may have been scrapped, report claims
Apple Vision Pro being worn by a person while using a keyboard.

Apple’s Vision Pro headset is still months away from launching, but one well-known analyst has already painted a bleak picture for the device. According to the assessment, Apple might have canceled a low-cost version of the Vision Pro, leaving potential customers in the lurch.

The news was published in a report from Apple analyst Ming-Chi Kuo, who is thought to have well-placed sources in Apple’s supply chain. Previous leaks have suggested that Apple is working on a cheaper edition of the Vision Pro -- due to launch in 2025 -- to help users who can’t afford the base model’s $3,499 price tag, but Kuo thinks those plans might have been scrapped entirely.

Read more
Best Razer gaming laptop deals: Save on the Blade 14, 15, and 17
Someone using the Razer Blade 14 on a table.

Razer is a staple computing brand that gamers have learned to trust. Whether you just have a Razer headset or Razer gaming mouse, you've probably grown to start trusting the signature neon three-headed snake. Razer makes great gaming laptops because they only make gaming laptops. They're not just dipping their toes in the space. Quality comes with a price, but thankfully there are good gaming laptop deals on Razer machines. All of the Razer gaming laptop deals below come straight from their site, so you can trust that the laptop is going straight from their warehouse to you. Check out the deals below on various configurations of the Razer Blade 14, 15 and 17 gaming laptops.
Razer Blade 14 -- $1,800, was $2,000

This smallest Razer laptop still has everything you could need from a gaming computer, from the powerful components to the fun aesthetics. Inside the Razer Blade 14, you get an AMD Ryzen 9 6900HX processor, which has 16  cores. The graphics card is an Nvidia GeForce RTX 3060. It's a quality graphics card that will handle demanding modern games, VR and even ray tracing. It comes stock with 16GB of RAM. The screen only gets 1080p, but it has a 144Hz refresh rate that will keep your frame rate smooth. On the outside, you get a full RGB keyboard, just for fun.

Read more