1. Home
  2. Computing
  3. News

With 20,000 sites swallowed up, a botnet is eating WordPress alive

By
Image used with permission by copyright holder

Hackers controlling a “botnet” of over 20,000 infected WordPress sites are attacking other WordPress sites, according to a report from The Defiant Threat Intelligence team. The botnets attempted to generate up to five million malicious WordPress logins within the past thirty days.

Per the report, the hackers behind this attack are using four command and control servers to send requests to over 14,000 proxy servers from a Russian provider. Those proxies are then used to anonymize traffic and send instructions and a script to the infected WordPress “slave” sites concerning which of the other WordPress sites to eventually target. The servers behind the attack are still online, and primarily target the XML-RPC interface of WordPress to try out a combination of usernames and passwords for admin logins.

Recommended Videos

“The wordlists associated with this campaign contain small sets of very common passwords. However, the script includes functionality to dynamically generate appropriate passwords based on common patterns … While this tactic is unlikely to succeed on any one given site, it can be very effective when used at scale across a large number of targets,” explains The Defiant Threat Intelligence team.

Attacks on the XML-RPC interface aren’t new and date back to 2015. If you’re concerned that your WordPress account might be impacted by this attack, The Defiant Threat Intelligence team reports that it is best to enable restrictions and lockouts for failed logins. You also can consider using WordPress plugins which protect against brute force attacks, such as the Wordfence plugin.

The Defiant Threat Intelligence team has shared information on the attacks with law enforcement authorities. Unfortunately, ZDNet reports that the four command and control servers can’t be taken offline because they are hosted on a provider that doesn’t honor takedown requests. Still, researchers will be contacting hosting providers identified with the infected slave sites to try and limit the scope of the attack.

Some data has been omitted from the original report on this attack because it can be exploited by others. The use of the proxies also makes it hard to find the location of the attacks, but the attacker made mistakes which allowed researchers to access the interface of the command and control servers behind the attack. All of this information is being deemed as “a great deal of valuable data” for investigators.

Editors' Recommendations

Topics
Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Get this HP 17-inch laptop for $300 instead of the usual $660

Seventeen-inch laptops toe the line between portability and size, making them more expensive than your average laptop. Some of the best 17-inch laptops can easily cost you thousands of dollars. Luckily, there HP has come up with a very budget-friendly solution in the form of the HP laptop 17z, and while it's not one of the best laptops on the market, it is an excellent budget-oriented choice for a 17-inch laptop. Even better, HP currently discounts it down to $300 from the usual $560 price tag, which is a significant $260 off.

Buy Now

Read more
Get a lifetime of 1TB cloud storage for $160

One thing about most of the best cloud storage services that you're sure not to like is having to pay for them. Again and again, month after month, they ask for money to continue holding your files. It makes sense, in a way, as their servers take constant real estate and electricity to maintain. Now, though, you can get a lifetime of terabyte cloud storage on Koofr for just $160. The usual price would be $810, so this saves you $650 in total. And, naturally, Koofr's cloud storage has special features that you'll want to know about, too. So, go ahead and tap the button below to find the deal — it'll only be going on for a limited amount of time — and continue reading to see why we like this deal and what makes Koofr special.

BUY NOW

Read more
The 5 best things you can do with Copilot Pro right now

Copilot Pro is Microsoft’s AI subscription service that costs $20 per month for individuals and is integrated into the brand’s Microsoft 365 suite. The paid service offers unique features to Microsoft users, provides faster and more consistent AI performance with priority access to the GPT-4 and GPT-4 Turbo large language models (LLM) during peak times, and also brings the AI technology to the brand’s most popular PC applications -- and that's where things get really interesting.

Here are some of the best features on Copilot Pro and how they work.
Create custom GPTs

Read more