Global Wordpress Brute Force Attack

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • AdultKing
    Raise Your Weapon
    • Jun 2003
    • 15601

    #1

    Global Wordpress Brute Force Attack

    Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved.

    http://blog.sucuri.net/2013/04/mass-...r-reality.html

    http://blog.sucuri.net/2013/04/prote...e-attacks.html

    Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.
  • Phoenix
    BACON BACON BACON
    • Nov 2002
    • 35475

    #2
    who would have guessed wordpress is vulnerable?
    Telegram PhoenixBrad
    https://quantads.io

    Comment

    • 2013
      So Fucking Banned
      • Dec 2012
      • 4390

      #3
      what's a word press

      Comment

      • Nasty
        Confirmed User
        • Aug 2002
        • 1575

        #4
        This plugin prevents the unlimited login attempt's WordPress allows

        http://wordpress.org/extend/plugins/...ogin-attempts/

        “Ours is a world of nuclear giants and ethical infants. We know more about war than we know about peace, more about killing than we know about living. If we continue to develop our technology without wisdom or prudence, our servant may prove to be our executioner.” ― Omar Bradley (1948)

        Comment

        • Fat Panda
          Porn is Dead. Move along.
          • Aug 2006
          • 13296

          #5
          fun stuff

          Comment

          • 2012
            So Fucking What
            • Jul 2006
            • 17189

            #6
            i made da wordpess imma da webpage dedinuuhhhh . i dedign webpage
            best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself

            Comment

            • CurrentlySober
              Too lazy to wipe my ass
              • Aug 2002
              • 38952

              #7
              Originally posted by 2013
              what's a word press
              i cunt a4d a word being pressed...


              👁️ 👍️ 💩

              Comment

              • Mark.Roy
                Confirmed User
                • Apr 2013
                • 122

                #8
                Thanks for heads up.



                email: mark[at]insanedollars[dot]com | ICQ::685~986~008

                Flat $125 PPS Cam Site! Make Insane Dollar$!!

                Comment

                • Emil
                  Confirmed User
                  • Feb 2007
                  • 5658

                  #9
                  I assume that as long as you use a decent password you should be OK since they're using wordlists for the attacks?
                  Free 🅑🅘🅣🅒🅞🅘🅝🅢 Every Hour (Yes, really. Free ₿itCoins.)
                  (Signup with ONLY your Email and Password. You can also refer people and get even more.)

                  Comment

                  • ottopottomouse
                    She is ugly, bad luck.
                    • Jan 2010
                    • 13177

                    #10
                    Originally posted by Phoenix
                    who would have guessed wordpress is vulnerable?
                    The vulnerability is just down to the number of users and the likelihood of people being stupid enough to use abc123 as their password.
                    ↑ see post ↑
                    13101

                    Comment

                    • seeandsee
                      Check SIG!
                      • Mar 2006
                      • 50945

                      #11
                      I use good password, so they will not enter that way
                      BUY MY SIG - 50$/Year

                      Contact here

                      Comment

                      • bigluv
                        Confirmed User
                        • Jul 2008
                        • 850

                        #12
                        Thanks for the heads up. It always amazes me that websites dont have more sophisticated anti-hacking measures along these lines.

                        Comment

                        • RubyGoodnight
                          Confirmed User
                          • Oct 2011
                          • 577

                          #13
                          Thanks, AK - passed the word along.
                          Last edited by RubyGoodnight; 04-12-2013, 11:58 AM.
                          Just your run of the mill former fetish performer who is now writing for adult web sites. If you want authentic detail that gets noticed, get in touch.

                          email: smut [at] rubygoodnight [dot] com | twitter: @RubyGoodnight | Skype: RubyGoodnight
                          portfolio : rubygoodnight.com | non-exclusive adult written content: downloads.rubygoodnight.com

                          Comment

                          • GonZo
                            Confirmed User
                            • Jul 2002
                            • 3180

                            #14
                            Originally posted by AdultKing
                            Right now there is a global Wordpress brute force attack taking place where up to 90,000 individual IP addresses have been detected as involved.

                            http://blog.sucuri.net/2013/04/mass-...r-reality.html

                            http://blog.sucuri.net/2013/04/prote...e-attacks.html

                            Check your server logs, ensure you have strong passwords and preferably don't use "admin" as your login name.
                            MojoHost took care of me hours ago as they always do.
                            Issue was resolved before I got out of bed.

                            Only reason you might worry is if your server isnt hosted at MojoHost.
                            Assclown Bob Rice wants to BANG your credit card!
                            "I am putting the bastards of this world on notice; greed and corruption will always be met with "a voice made of ink and rage."
                            All the information above is my personal opinion.

                            Comment

                            • JesseQuinn
                              feeding the wolves
                              • Aug 2012
                              • 6632

                              #15
                              Originally posted by Nasty
                              This plugin prevents the unlimited login attempt's WordPress allows

                              http://wordpress.org/extend/plugins/...ogin-attempts/
                              ^^that plugin is great for keeping out specific people who want to fuck with someone's wordpress, but from the articles linked in the OP it appears that so many different IPs (90 000 unique IPs) are involved that the plugin isn't very effective

                              it's still a great plugin, just not against this sort of attack


                              Originally posted by ottopottomouse
                              The vulnerability is just down to the number of users and the likelihood of people being stupid enough to use abc123 as their password.
                              ^^^I'm saying.

                              unrelated to wordpress, I had a bunch of weird questions from pseudo-customers a few weeks back (3 on the same day) asking me to play the 'porn star name game' (where the answers are one's middle name, street one grew up on, name of one's first pet, etc). It didn't occur to me that it was anything significant (other than being weird) until I read that those are often password retrieval questions for online accounts. It was a total 'duh' moment and I'm glad I just ignored the losers who had asked me.

                              /threadjack

                              thanks for posting the links, AdultKing
                              throwing molotav cocktails at the precinct

                              Comment

                              • ottopottomouse
                                She is ugly, bad luck.
                                • Jan 2010
                                • 13177

                                #16
                                There is always quite a few sites about harvesting passwords in the guise of Check How Secure Your Password Is too.
                                ↑ see post ↑
                                13101

                                Comment

                                • Heath
                                  Confirmed User
                                  • Sep 2008
                                  • 491

                                  #17
                                  So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help?
                                  Email - popuplace [at] yahoo [dot] com

                                  Comment

                                  • Forest
                                    Confirmed User
                                    • Aug 2001
                                    • 9135

                                    #18
                                    Originally posted by Populace
                                    So is admin1234 not secure? Man. I got a lot of sites to change. Can anyone help?
                                    change it to pass123

                                    Comment

                                    • NaughtyVisions
                                      Confirmed User
                                      • May 2008
                                      • 4204

                                      #19
                                      Originally posted by Forest
                                      change it to pass123
                                      or simply "password."
                                      Online strip gaming with sexy gamer girls
                                      Best thing I ever signed up for: Quality Razors, Cheap Price

                                      Comment

                                      • LouiseLloyd
                                        SO FUCKING SCAMMED
                                        • Mar 2010
                                        • 1432

                                        #20
                                        Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP.

                                        Comment

                                        • RazorSharpe
                                          Confirmed User
                                          • Aug 2001
                                          • 2238

                                          #21
                                          http://wordpress.org/extend/plugins/...in-security-2/

                                          this looks rather nifty
                                          Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

                                          Comment

                                          • xxxjay
                                            Tube groupie.
                                            • Aug 2002
                                            • 13482

                                            #22
                                            We had to deal with it yesterday
                                            http://donttellmehowtoruinmylife.com/ - http://www.jmdigitalmarketing.com/my...s-and-reviews/ - http://www.wouldyouhitit.org - http://shinyobjectreviews.com/

                                            Comment

                                            • discounts.xxx
                                              Registered User
                                              • May 2012
                                              • 83

                                              #23
                                              Why would they want to hit Wordpress? I was aware of this yesterday....unfortunately..
                                              Skype: guanche01
                                              www.discountsxxx.com
                                              [email protected]

                                              Comment

                                              • Captain Kawaii
                                                So Fucking Banned
                                                • Oct 2007
                                                • 6748

                                                #24
                                                Thanks for the info all.

                                                Comment

                                                • babymaker
                                                  Confirmed User
                                                  • Jan 2004
                                                  • 4751

                                                  #25
                                                  Originally posted by GonZo
                                                  MojoHost took care of me hours ago as they always do.
                                                  Issue was resolved before I got out of bed.

                                                  Only reason you might worry is if your server isnt hosted at MojoHost.
                                                  M3Server took care of it before I heard of it as well, got an email awhile ago

                                                  ICQ 293125596

                                                  Comment

                                                  • blazin
                                                    Confirmed User
                                                    • Aug 2002
                                                    • 2781

                                                    #26
                                                    Stick you wp-admin directory behind a basic authentication prompt as well
                                                    I don't endorse a god damn thing......

                                                    Comment

                                                    • just a punk
                                                      So fuckin' bored
                                                      • Jun 2003
                                                      • 32393

                                                      #27
                                                      Originally posted by Phoenix
                                                      who would have guessed wordpress is vulnerable?
                                                      Vulnerable? How password bruteforcing is related to the definition of "vulnerability"?
                                                      Obey the Cowgod

                                                      Comment

                                                      • icymelon
                                                        Confirmed User
                                                        • Dec 2007
                                                        • 3220

                                                        #28
                                                        Originally posted by GonZo
                                                        MojoHost took care of me hours ago as they always do.
                                                        Issue was resolved before I got out of bed.

                                                        Only reason you might worry is if your server isnt hosted at MojoHost.
                                                        my server was down at mojo. they want me to upgrade. too many blogs on one box
                                                        Network Of Adult Blogs With Hardlink Rentals Available

                                                        Comment

                                                        • Freedom6995
                                                          Friends of Venus founder
                                                          • Jul 2010
                                                          • 1975

                                                          #29
                                                          Originally posted by LouiseLloyd
                                                          Use .htaccess to password protect /wp-admin folder and add deny access to all traffic excluding your own IP.

                                                          Comment

                                                          Working...