National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack
Original release date: April 15, 2013

US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potential targets.
Hackers are reportedly using over 90,000 servers to compromise
websites' administrator panels by exploiting hosts that use "admin" as
the account name together with weak passwords, which are being guessed
through brute-force attack methods.

CloudFlare, a web performance and security startup, had to block 60
million requests against its WordPress customers within one hour. The
requests follow the same pattern, targeting WordPress administrative
accounts from a botnet supported by more than 90,000 separate IP
addresses. A CloudFlare spokesman asserted that if hackers successfully
take control of WordPress servers, the potential damage and service
disruption could exceed what common distributed denial of service (DDoS)
attack defenses can handle. As a mitigating strategy, HostGator, a web
hosting company used for WordPress, has recommended that users log into
their WordPress accounts and change their passwords to more secure ones.
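
Added example (not part of the US-CERT text): a log check for the traffic shape described above, where failed logins are spread across many source IPs so that no single address trips a per-IP limit. It assumes a Combined Log Format access log, the stock /wp-login.php endpoint, and that a failed login returns 200 while a successful one returns 302; the thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def failed_logins(lines):
    """Yield (minute, ip) for each failed POST to /wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        # Assumption: stock WordPress re-renders the form with 200 on a
        # failed login and redirects with 302 on success.
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m["ip"]

def distributed_bruteforce(lines, min_attempts=6, min_sources=5):
    """Flag minutes where failures are spread over many source IPs."""
    buckets = defaultdict(Counter)
    for minute, ip in failed_logins(lines):
        buckets[minute][ip] += 1
    alerts = []
    for minute, per_ip in sorted(buckets.items()):
        attempts = sum(per_ip.values())
        if attempts >= min_attempts and len(per_ip) >= min_sources:
            alerts.append({"minute": minute.strftime("%Y-%m-%d %H:%M"),
                           "attempts": attempts, "sources": len(per_ip),
                           "max_per_ip": max(per_ip.values())})
    return alerts

# Constructed sample: six bots, one failure each, plus normal traffic.
SAMPLE = [f'203.0.113.{i} - - [15/Apr/2013:10:15:{i:02d} +0000] '
          f'"POST /wp-login.php HTTP/1.1" 200 3712' for i in range(1, 7)] + [
    '198.51.100.7 - - [15/Apr/2013:10:16:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.9 - - [15/Apr/2013:10:20:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3712',
    '198.51.100.9 - - [15/Apr/2013:10:20:31 +0000] "GET /wp-admin/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for alert in distributed_bruteforce(SAMPLE):
        print(alert)
```

The `max_per_ip` field in each alert shows why a per-address lockout alone does not catch this pattern: in the sample every source fails only once.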

US-CERT encourages users and administrators to ensure their installation
includes the latest software versions available. More information to
assist administrators in maintaining a secure content management system
includes:
* Review the June 21, 2012, vulnerability described in CVE-2012-3791,
and follow best practices to determine if their organization is affected
and the appropriate response.
* Refer to the Technical Alert on Content Management Systems Security
and Associated Risks for more information on securing a web content
management system.
* Refer to Security Tip Understanding Hidden Threats: Rootkits and
Botnets for more information on protecting a system against botnet
attacks.
* Additional security practices and guidance are available in US-CERT's
Technical Information Paper TIP-12-298-01 on Website Security.

Relevant URL(s):
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3791>
<http://www.us-cert.gov/ncas/tips/ST06-001>
<http://www.us-cert.gov/sites/default/files/publications/TIP-12-298-01-Website-Security.pdf>
<http://www.us-cert.gov/ncas/alerts/TA13-024A>
____________________________________________________________________
Produced by US-CERT, a government organization.
____________________________________________________________________
This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification/
Privacy & Use policy:
http://www.us-cert.gov/privacy/
This document can also be found at
http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack