
WordPress Forum

Wordpress hack connects users to botnet
travelin cat
msg:4653681
1:54 pm on Mar 13, 2014 (gmt 0)

More than 100,000 WordPress websites have been conscripted into a botnet which forces them to inadvertently launch DDoS attacks.
Security firm Sucuri found the botnet when analysing an attack targeting one of its customers and traced the source of the attack to legitimate WordPress sites.

[techradar.com...]

 

lorax
msg:4653711
3:09 pm on Mar 13, 2014 (gmt 0)

I wish there was a way to shut down these sites. Maybe we need to have a license for WordPress site owners. If you're too stupid to keep your site updated, then you lose your license and the site goes offline.

graeme_p
msg:4653782
6:06 pm on Mar 13, 2014 (gmt 0)

WordPress could also help by

1) disabling things that not everyone needs, like XML-RPC (used in this attack), by default.
2) making hardening easier, e.g. making /wp-admin easily relocatable.
3) disabling file editing by default, or removing the damn stupid misfeature altogether.
4) not using the same default admin username on every install.

lorax
msg:4653783
6:13 pm on Mar 13, 2014 (gmt 0)

@graeme_p, yep.

dvduval
msg:4653790
6:36 pm on Mar 13, 2014 (gmt 0)

I don't use wordpress for my own sites, but if a customer asks for it I warn them there will be ongoing maintenance costs to prevent them from being hacked.

webdevfv
msg:4653857
11:26 pm on Mar 13, 2014 (gmt 0)

I use an older version but can't upgrade as my host won't upgrade php to the level required to install the newer Wordpress.

super70s
msg:4653867
12:39 am on Mar 14, 2014 (gmt 0)

@webdevfv, I had the exact problem (are you with Yahoo SB too by any chance?). The older WP's have serious security issues and your domain can be hijacked for a Viagra page that isn't even on your site. My entire site isn't in WP (thank God), just a blog was, so I said the hell with WP and moved the blog to Blogger.

Now all those bogus Viagra pages go to my 404 page where there's a link to my main page. Thanks for the free traffic jerks, lol.

pawas
msg:4653902
3:51 am on Mar 14, 2014 (gmt 0)

I do have some sites running very old versions, but I have never faced any hacking problems. It's because I always password protect 'wp-admin' directory on all installations/versions.

thecoalman
msg:4653932
7:35 am on Mar 14, 2014 (gmt 0)

Protecting the admin folder or other non-public folders with .htaccess is always good practice, since those files can typically cause the most damage, but I wouldn't depend on it for securing an installation. Public scripts can be just as damaging.

Security for any site is about layers and keeping up to date to remove exploits should be priority number one.

lorax
msg:4654038
1:29 pm on Mar 14, 2014 (gmt 0)

+1 thecoalman

Angonasec
msg:4654098
4:36 pm on Mar 14, 2014 (gmt 0)

"I have never faced any hacking problems."

What I suspect you mean is you've not yet been hacked into.

Simply observe the hack attempts, in your raw access logs. The bulk are clearly focussed on the WP framework.

Then decide if that level of abuse of your CPU and BW is not a problem.
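
An added example, not from the thread and not Sucuri's code: a small Python check for the two sides of this pattern as they appear in raw access logs. On a WordPress site being used as a reflector, the abuse shows up as a burst of POST requests to /xmlrpc.php from one address. On the site being attacked, it shows up as GETs whose User-Agent is the string WordPress sends when it fetches a pingback's sourceURI to verify the link, "WordPress/<version>; <blog url>; verifying pingback from <ip>", where the trailing address is the client that submitted the ping to that blog. The log lines are constructed (RFC 5737 documentation addresses, made-up hostnames, and an assumed cache-busting query string on the victim side); the window and threshold values are arbitrary starting points rather than tuned numbers.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format. Assumption: the server uses the default layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent WordPress uses when it fetches sourceURI to verify a pingback.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<ver>[^;]+); (?P<site>[^;]+); verifying pingback from (?P<from_ip>\S+)'
)


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip('\n'))
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return rec


def xmlrpc_bursts(lines, window=60, threshold=20):
    """Reflector side. Map client IP -> largest number of POST /xmlrpc.php requests it made
    inside any `window`-second span, for IPs at or above `threshold`. A real blog gets a
    handful of legitimate pingbacks a minute, not dozens from one address."""
    times = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec['method'] == 'POST' and rec['path'].split('?', 1)[0].endswith('/xmlrpc.php'):
            times[rec['ip']].append(rec['ts'])
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while (stamps[end] - stamps[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def pingback_verifiers(lines):
    """Victim side. Map reflecting blog URL -> number of pingback-verification fetches it made."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = PINGBACK_UA_RE.match(rec['ua'])
        if m:
            counts[m.group('site')] += 1
    return dict(counts)


def reflector_sample():
    """Constructed access log of a blog being used as a reflector: one normal visit,
    25 pingback.ping POSTs from one address in 25 seconds, one ordinary XML-RPC client."""
    lines = ['192.0.2.10 - - [13/Mar/2014:10:00:00 +0000] "GET /2014/03/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"']
    for sec in range(25):
        lines.append('203.0.113.7 - - [13/Mar/2014:10:01:%02d +0000] "POST /xmlrpc.php HTTP/1.0" 200 376 "-" "Mozilla/4.0"' % sec)
    lines.append('198.51.100.5 - - [13/Mar/2014:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 421 "-" "Mozilla/5.0 (mobile app)"')
    return lines


# Constructed access log of the site being attacked. The query strings are an assumed
# cache-buster so every verification fetch reaches the origin instead of a cache.
VICTIM_SAMPLE = [
    '198.51.100.23 - - [13/Mar/2014:10:01:03 +0000] "GET /?4137049=6431392 HTTP/1.0" 200 12034 "-" "WordPress/3.8.1; http://blog-a.example; verifying pingback from 203.0.113.7"',
    '198.51.100.24 - - [13/Mar/2014:10:01:03 +0000] "GET /?6612092=9041120 HTTP/1.0" 200 12034 "-" "WordPress/3.8.1; http://blog-a.example; verifying pingback from 203.0.113.7"',
    '198.51.100.30 - - [13/Mar/2014:10:01:04 +0000] "GET /?1129911=5573840 HTTP/1.0" 200 12034 "-" "WordPress/3.7.1; http://blog-b.example; verifying pingback from 203.0.113.7"',
    '192.0.2.10 - - [13/Mar/2014:10:01:05 +0000] "GET / HTTP/1.1" 200 12034 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    print('reflector:', xmlrpc_bursts(reflector_sample()))
    print('victim:   ', pingback_verifiers(VICTIM_SAMPLE))
```

Point either function at a real file with `xmlrpc_bursts(open('access.log'))`; if your log format differs from combined, adjust LOG_RE before trusting the counts. A blog that is flagged by the first check is the one that needs its pingbacks turned off; the blog URLs reported by the second check are the reflectors hitting you, and the address after "verifying pingback from" in their User-Agent is the client feeding them.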

alika
msg:4654849
6:45 pm on Mar 17, 2014 (gmt 0)

Public scripts can be just as damaging.


When my sites were constantly under attack, my managed webhost put password protection on my WordPress login and Google slammed me with "increase in authorization errors" pointing to the login pages. Here's the discussion of that problem I raised: [webmasterworld.com...] Traffic plummeted - not the drastic drop-from-the-cliff kind, but the slow-but-sure kind that is sooo hard to climb back up.

I had to put the WP login pages in my robots.txt file to get rid of Google's authorization error messages.

I moved to a different managed server webhost with stronger protection layers against hacking. So far, no problems. Keeping my fingers crossed.

Hacking is just something many website owners don't think about until it happens to them. Just like me. When I got hit -- and boy, it was non-stop -- it was painful. Only then did I take protecting against malware and hacking seriously, and now I religiously update every WordPress install and plugin as soon as updates are available.

lorax
msg:4655039
1:00 pm on Mar 18, 2014 (gmt 0)

>> Traffic plummeted

But if the traffic was from the bot attack this would make sense. No?

robzilla
msg:4655047
1:29 pm on Mar 18, 2014 (gmt 0)

If you're too stupid to keep your site updated, then you lose your license and the site goes offline.

This attack has nothing to do with updates, though. It's just the way pingbacks work, and they're enabled by default in many content management systems, not just Wordpress.
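
An added example (mine, not code from the thread or from WordPress) of what a pingback.ping call looks like on the wire, using Python's standard xmlrpc.client, next to a deliberately simplified model of what a pingback-enabled site does with it. The model is an assumption for illustration, not WordPress's implementation: the site checks that targetURI points at one of its own posts and then fetches sourceURI to confirm the page links back. The thing to notice is that the caller picks sourceURI, so that verification fetch goes wherever the caller says; the hostnames are made up, and the fault code comes from the Pingback 1.0 specification.

```python
import xmlrpc.client
from urllib.parse import urlsplit


def build_pingback_request(source_uri, target_uri):
    """Body of the HTTP POST a pingback client sends to /xmlrpc.php.
    sourceURI = the page that supposedly links to us; targetURI = one of our posts."""
    return xmlrpc.client.dumps((source_uri, target_uri), methodname='pingback.ping')


def parse_pingback_request(body):
    """Server side: decode the methodCall and return (sourceURI, targetURI)."""
    params, method = xmlrpc.client.loads(body)
    if method != 'pingback.ping' or len(params) != 2:
        raise ValueError('expected pingback.ping(sourceURI, targetURI)')
    return params


def verification_fetch_host(body, site_host):
    """Simplified model (assumption, not WordPress's code) of the server's decision:
    ignore pings whose targetURI is not on this site; otherwise the site fetches
    sourceURI to check that it links back. Returns the host that fetch would go to,
    or None if no fetch is made."""
    source_uri, target_uri = parse_pingback_request(body)
    if urlsplit(target_uri).hostname != site_host:
        return None
    return urlsplit(source_uri).hostname


def fault_response(code, message):
    """XML-RPC fault the server answers with when it rejects the ping.
    Pingback 1.0 uses e.g. 17 for 'source does not link to target'."""
    return xmlrpc.client.dumps(xmlrpc.client.Fault(code, message), methodresponse=True)


def fault_code(response_body):
    """Client side: xmlrpc.client.loads raises Fault for a fault response; None otherwise."""
    try:
        xmlrpc.client.loads(response_body)
    except xmlrpc.client.Fault as f:
        return f.faultCode
    return None


if __name__ == '__main__':
    # Constructed: blog-a.example is the pingback-enabled blog, victim.example is the
    # third-party site named as sourceURI by whoever submits the ping.
    body = build_pingback_request('http://victim.example/?9381=1123',
                                  'http://blog-a.example/2014/03/hello-world/')
    print(body)
    print('verification fetch goes to:', verification_fetch_host(body, 'blog-a.example'))
    print('rejected ping fault code:', fault_code(fault_response(17, 'source does not link to target')))
```

The request is only two strings, so generating thousands of them with a fresh sourceURI each time costs the sender almost nothing, while every accepted one costs the blog a full outbound HTTP fetch of a page it does not control. That asymmetry, not a bug in any particular version, is what the thread is describing.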

lorax
msg:4655084
5:00 pm on Mar 18, 2014 (gmt 0)

Good point robzilla - I wasn't very clear. I should have included "and locked down".

You can disable them in the Admin panel for all future posts/pages. To disable them for already published posts/pages in bulk [wordpress.org...]

alika
msg:4655116
6:18 pm on Mar 18, 2014 (gmt 0)

But if the traffic was from the bot attack this would make sense. No?


NO - the big decrease was Google traffic. The bot attack came as referral traffic

eddiemayan
msg:4673792
7:49 am on May 23, 2014 (gmt 0)

WordPress has many vulnerabilities that can be exploited very easily. Most people do not know that their WordPress blog is part of a large DDoS attack being carried out against a target.
Most commonly, pingbacks and trackbacks are used in WordPress to send requests to a target website. DDoS attackers make use of this vulnerability to launch an application-layer DDoS attack.
We all should take steps to harden our WordPress security so it cannot be used to launch a large-scale DDoS attack. Learn how to protect your WordPress website and prevent it from being used in a DDoS attack.

[edited by: lorax at 12:11 pm (utc) on May 23, 2014]

lorax
msg:4673900
12:24 pm on May 23, 2014 (gmt 0)

Let's be clear, without the sensationalism. Pingbacks are a feature that WordPress allows. Some people find them useful, others find them less so. Some exploit the function to coordinate attacks.

Just because we have roads and people use those roads to deliver car bombs or crash their cars doesn't mean the roads are a vulnerability. Roads can be used for bad and good; their job is to allow transport. The job of pingbacks is to allow notification. Either one can be used against you. If you want a truly safe CMS then don't use a CMS.
