A botnet, made up of at least 90,000 hacked computers, has launched a large worldwide attack on websites running the WordPress content management system across a number of hosting companies.
Ars Technica reports the attack involves a brute-force effort to crack the passwords of sites running WordPress across a number of major web hosting providers.
“This attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data,” states web hosting company ResellerClub.
There are early indications that hackers are installing malicious scripts on servers hosting WordPress sites that have been compromised in the attack that, in turn, are being used to hack other websites.
“These [servers] can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” states Matthew Prince, the chief executive of web hosting company CloudFlare.
SMEs using WordPress are urged to update their passwords and ensure they use strong passwords for their websites.
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.