May 28, 2013
 

WP comments from ma.tt:

“… Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).

Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours). …” – April 12, 2013

WP Botnet Signature:

"POST /wp-login.php HTTP/1.0" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

WP Botnet Passwords:

  • http://krebsonsecurity.com/wp-content/uploads/2013/04/WPpasslist.txt

c. 3,000 ‘admin/password’ brute-force login attempts.

WP Botnet Clients:

grep "POST /wp-login.php HTTP/1.0" /var/log/apache2/access.log | grep "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" | awk '{print $1}' | sort -u | wc -l

c. 1,800 WP bots and counting …
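The same count as a reusable shell script, added here as an example and not part of the original post. It runs over a few constructed Apache combined-format log lines and also reports total attempts and per-IP counts, which makes visible the many-IPs, few-attempts-each pattern that defeats per-IP throttling:

```shell
#!/bin/sh
# Added example: count WP botnet clients and attempts in an Apache access log.
# The log below is constructed sample data (RFC 5737 test addresses), not real traffic.
LOG="${TMPDIR:-/tmp}/wp_botnet_sample.log"
cat > "$LOG" <<'EOF'
203.0.113.10 - - [12/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.0" 200 3421 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
203.0.113.10 - - [12/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.0" 200 3421 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
198.51.100.7 - - [12/Apr/2013:10:01:04 +0000] "POST /wp-login.php HTTP/1.0" 200 3421 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
192.0.2.55 - - [12/Apr/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.0" 200 3421 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
192.0.2.99 - - [12/Apr/2013:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://blog.example/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) Firefox/20.0"
192.0.2.77 - - [12/Apr/2013:10:02:10 +0000] "GET /wp-login.php HTTP/1.0" 200 3421 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
EOF

# Both halves of the signature from the post: request line AND user agent.
SIG_REQ='"POST /wp-login.php HTTP/1.0"'
SIG_UA='Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0'

# Log lines matching the full signature (-F: fixed strings, so the parentheses
# and dots in the user agent are not treated as regex metacharacters).
wp_botnet_hits() {
  grep -F "$SIG_REQ" "$1" | grep -F "$SIG_UA"
}

# Distinct client IPs (field 1 of combined log format) sending signature requests.
wp_botnet_clients() {
  wp_botnet_hits "$1" | awk '{print $1}' | sort -u | wc -l | tr -d ' '
}

# Total signature attempts, to compare against the client count.
wp_botnet_attempts() {
  wp_botnet_hits "$1" | wc -l | tr -d ' '
}

# Attempts per IP, busiest first: with a large botnet most IPs show up
# only once or twice, so per-IP rate limiting barely registers.
wp_botnet_per_ip() {
  wp_botnet_hits "$1" | awk '{print $1}' | sort | uniq -c | sort -rn
}

printf 'clients: %s\nattempts: %s\n' "$(wp_botnet_clients "$LOG")" "$(wp_botnet_attempts "$LOG")"
wp_botnet_per_ip "$LOG"
```

Point `LOG` at /var/log/apache2/access.log to run it against a live server; the HTTP/1.1 and GET lines in the sample are there to show that a partial match on either half of the signature is not counted.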

… Adhere to WP security best practice and ride the tide!!


© 2011 Indimon Internet Services

Site last updated March 11, 2017 @ 9:57 am; This content last updated May 28, 2013 @ 9:25 pm
