Skip to main content

With 20,000 sites swallowed up, a botnet is eating WordPress alive

Image used with permission by copyright holder

Hackers controlling a “botnet” of over 20,000 infected WordPress sites are attacking other WordPress sites, according to a report from The Defiant Threat Intelligence team. The botnets attempted to generate up to five million malicious WordPress logins within the past thirty days.

Per the report, the hackers behind this attack are using four command and control servers to send requests to over 14,000 proxy servers from a Russian provider. Those proxies are then used to anonymize traffic and send instructions and a script to the infected WordPress “slave” sites concerning which of the other WordPress sites to eventually target. The servers behind the attack are still online, and primarily target the XML-RPC interface of WordPress to try out a combination of usernames and passwords for admin logins.

Recommended Videos

“The wordlists associated with this campaign contain small sets of very common passwords. However, the script includes functionality to dynamically generate appropriate passwords based on common patterns … While this tactic is unlikely to succeed on any one given site, it can be very effective when used at scale across a large number of targets,” explains The Defiant Threat Intelligence team.

Please enable Javascript to view this content

Attacks on the XML-RPC interface aren’t new and date back to 2015. If you’re concerned that your WordPress account might be impacted by this attack, The Defiant Threat Intelligence team reports that it is best to enable restrictions and lockouts for failed logins. You also can consider using WordPress plugins which protect against brute force attacks, such as the Wordfence plugin.

The Defiant Threat Intelligence team has shared information on the attacks with law enforcement authorities. Unfortunately, ZDNet reports that the four command and control servers can’t be taken offline because they are hosted on a provider that doesn’t honor takedown requests. Still, researchers will be contacting hosting providers identified with the infected slave sites to try and limit the scope of the attack.

Some data has been omitted from the original report on this attack because it can be exploited by others. The use of the proxies also makes it hard to find the location of the attacks, but the attacker made mistakes which allowed researchers to access the interface of the command and control servers behind the attack. All of this information is being deemed as “a great deal of valuable data” for investigators.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Password managers are the new target for hackers
Person using laptop with security graphics in front.

Password managers are one of the most effective ways internet users keep their online lives in order. Many popular services include 1Password, LastPass, and NordPass, which can be used for storing and generating passwords, and recalling login credentials.

However, while you may think your passwords are secure with these platforms, cybercriminals are getting more sophisticated with their methods of hacking password managers and getting access to your digital information.

Read more
Apple’s best M4 Macs are deeply discounted – here’s why now is the best time to buy
The Mac mini up on its side on a desk.

A few years ago, I bought a refurbished MacBook Pro with M1 Pro chip from Apple. This, it turned out, was one of the best decisions I could have made. The MacBook Pro was in like-new condition, yet I got it with a deep discount. It’s a device that is still going strong today.

Now, Apple is at it again, and this time you’re able to score money off on two of the best Macs available right now. What’s more, these are just any old discounts – they’re serious cuts of around 15%, which is a significant saving when you’re talking about a device that costs hundreds or even thousands of dollars.

Read more
Musk won’t chase OpenAI with his billions as long as it stays non-profit
Elon Musk wearing glasses and staring at the camera.

Elon Musk was one of the founding members of OpenAI, but made a sour exit before ChatGPT became a thing. The billionaire claims he wasn’t happy with the non-profit’s pivot to a profit-chasing business model. A few days ago, Musk submitted a bid to buy OpenAI’s non-profit arm for $97.4 billion, but now says he will pull the offer if the AI giant abandons its for-profit ambitions.

“If (the) OpenAI board is prepared to preserve the charity's mission and stipulate to take the "for sale" sign off its assets by halting its conversion, Musk will withdraw the bid,” says a court filing submitted by the billionaire’s lawyer, as per Reuters.

Read more