WordPress admin accounts target of botnet attacks (updated) – VentureBeat

Bots
Updated 5:22pm PT with comment from WordPress.
Hackers are targeting major blogging platform WordPress using a botnet aimed at stealing login credentials for admin-level accounts.
Those who use WordPress to run the back-end of their blogs may want to pay close attention to their accounts. Attackers are accessing the login portals for those blogs, entering the username “admin,” and then using a tool that “brute forces” its way into the account. The tool is programmed with dictionary words, which it then enters into the login portal by the thousands to guess your password. Many people still use “password” for their, well, password, and other easy-to-remember words.
The AI Impact Tour – NYC
We’ll be in New York on February 29 in partnership with Microsoft to discuss how to balance risks and rewards of AI applications. Request an invite to the exclusive event below.
 
WordPress founder Matt Mullenweg released a blog post saying, “If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”
He explained that in the WordPress 3.0 update, the company began allowing you to create your own login username when you first set up your WordPress backend — “admin” used to be the default. If you took the opportunity to make your own username, your account will be unaffected for now.
CloudFlare — a company that filters your web traffic to make sure your pages are loaded speedily, but also watches for bots stealing your bandwidth — released a blog post saying that it believes the attacker behind this botnet likely wants to take over your website’s servers, not mess with your WordPress site. The botnet as it stands now, according to CloudFlare, is made up of home PCs that aren’t as powerful as full servers. With that server capability, however, the botnet would be able to execute more impactful attacks such as strong denial of service attacks that can knock a website offline.
CloudFlare explained to me in an email that over 100,000 IP addresses are currently detected in the botnet.
“It’s a big attack directed at a significant percentage of the WordPress installs worldwide,” a company spokesperson said in the email.
We have reached out to WordPress and will update this post upon hearing back.
hat tip TechCrunch; Bot image via Shutterstock
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.
Join us in New York for an invitation-only evening of networking and insights at our exclusive event: “How to balance risks and rewards of AI applications.”
© 2024 VentureBeat. All rights reserved.

source